Nick Bilogorskiy has over 10 years of experience in computer security, specializing in malware analysis and botnet takedowns. He has held technical and leadership roles at companies such as Facebook, Cyphort, SonicWall, and Fortinet. His experience includes developing anti-malware detection techniques, coordinating incident response, and advising security teams. He has extensive skills in reverse engineering, malware analysis, and programming.
Resume
Nick Bilogorskiy
10+ years in the computer security industry, specializing in reverse engineering malware, incident response, security team building and botnet takedown, and building excellent products that are easy to use.
Experience
2011 - present Cyphort San Jose, CA
Technical Director of Security Research
Architected and implemented next-generation anti-malware product
Developed algorithms for behavior detection of zero-day EXE, PDF, Flash and Java malware
Blogging, conferences, industry relationships
Founded and grew the research department
Automated research lab tasks
Helped raise several rounds of financing
2010 – 2011 Facebook Palo Alto, CA
Chief Malware Researcher
Worked on shutting down Koobface and other malware botnets and worked with FBI on attribution
Coordinated developing effective malware countermeasures
Provided response to security incidents, code security audits, cyber crime investigations
As malware subject matter expert, advised the engineering team on security requirements
PR response to malware issues
Engaged in building a world class malware response function
2008 - present MUTE Group Sunnyvale, CA
Co-founder and Board Member
Founded the bootstrapped service - interface for researchers to exchange malware links
Grew to 30+ participant companies and 100,000+ unique URLs per day
Built and maintained the public website – mutegroup.org
June 2006 – March 2010 SonicWALL, acquired by DELL Sunnyvale, CA
Manager, Malware Research
Malware and vulnerability analysis, virus trends, quoted in the media
Built and managed a team of top-notch researchers
Developed patent-pending cloud antivirus technology. Patent #20110016527
Phone: (408) 203-4323
nbilogorskiy@gmail.com
http://www.linkedin.com/in/bilogorskiy
867 Lewis Ave,
Sunnyvale, CA
94086
Feb. 2004 – May 2006 Fortinet Technologies Vancouver, CAN
Manager, Malware Research & Escalation
Directed a team of international researchers from the USA, Canada, France, and China
Increased the coverage of Fortinet in the media, improved quality of detection and descriptions
Built a QA team and developed a testing process to test the Antivirus Engine
Jan. – Dec. 2003 Art In Motion Vancouver, CAN
Programmer / Analyst
Developed customized solutions for the Licensing Department [XML, VB, SQL, Outlook API]
Jan. – May 2002 Microsoft Corporation Redmond, WA
Software Test Engineer - Intern
Feature testing for MS Word. Made specs, test plans and automation [Word API, VB, XML]
2000 – 2001 Randronics Digital Burnaby, Canada
Co-Founder / Lead web designer
Founded a web design company and built several commercial websites [SQL, Flash, DHTML]
Education
2000–2003 Simon Fraser University Burnaby, Canada
Bachelor of Science, Computing Science; Concentration: Software Engineering, AI, Philosophy
1998–2000 Capilano College Burnaby, Canada
Diploma in Computing Science.
Projects
Facebook: Koobface botnet takedown March 2011
For two years the Koobface worm was spreading on Facebook, infecting millions of Windows users who clicked on a malicious link in an infected friend’s message. I worked on the attribution and enforcement on Koobface authors and the coordination of Koobface assets takedown. In March 2011 the efforts paid off when Koobface stopped targeting Facebook.
Facebook: Anti-Clickjacking measures February 2011
After its launch, Facebook’s LIKE feature was widely abused by rogue affiliate scams (likejackers). I helped build a system designed to detect malicious "Like" patterns that requires an additional confirmation for pages that trigger this mechanism. https://www.facebook.com/facebook/posts/207321425975188
Facebook: Virus Bulletin keynote October 2010
I delivered the keynote address at the annual Virus Bulletin anti-malware conference, VB2010 in Vancouver, Canada. In the keynote I presented a brief overview of Facebook's security organization, followed by a run-down of common Internet threats and their specific effect on Facebook, with a focus on Koobface and other Facebook-specific malware families.
Facebook: Malware Roadblock May 2010
I extended and supported Facebook’s remediation solution for malware infected users – the Roadblock. I worked with partners daily to ensure Roadblock was effective against all Facebook malware threats: https://www.facebook.com/note.php?note_id=10150902333195766
Facebook: Facebook Immune System April 2010
I worked on the anti-malware components of the Facebook Immune System. The backbone of the site's security, FIS analyzes every action on the site as it happens to determine its threat level and decide how to respond. To make this decision it looks at the reputation of the cookie, IP address, and a number of other factors. It runs on 2,000 servers, checks 640,000 user actions per second at peak, aggregates and analyzes 5,000 different signals, contains 200 different models and does 20 billion classification checks every day. https://www.facebook.com/note.php?note_id=10150352042420766
DELL SonicWALL: Cloud Antivirus January 2010
I helped design and implement the patent-pending technology behind the “cloud antivirus” feature in SonicWALL’s Email Security appliances. PostgreSQL, Linux, C++. http://patents.com/us-20110016527.html
DELL SonicWALL: Botnet Interactions Diagram February 2009
This project aimed at presenting in a visual format the results of my research of top botnets in the world and the “bad actor” groups behind them, and charting their interactions.
DELL SonicWALL: SonicALERT February 2008
I was responsible for running the public company’s research blog, featuring new content about malware threats weekly. https://www.mysonicwall.com/sonicalert/sonicalert.aspx
DELL SonicWALL: Antivirus Honeypot June 2007
I set up scripts and hardware to capture malicious traffic from the Web. Traffic was gathered, viruses extracted, sorted and forwarded to the virus lab for analysis.
FortiGuardCentre research portal website March 2005
I was involved in concept generation, design and implementation of a major corporation’s research portal. Special applications were incorporated, e.g. the online virus scanner, web addresses URL lookup, global threats statistics, and more. See the site at: http://www.fortiguardcenter.com
Fortinet: Antivirus Cross-Scanner Interface March 2004
I installed 9 antivirus products on the server and created Perl scripts to download and install their antivirus pattern updates automatically. Users could submit a file to the server via HTTP upload, and the cross-scanner was run [the file was scanned with all available antivirus vendors' products at once]. Each virus scanner ran in parallel on different client machines, then the logs were parsed and the results were combined under one interface and stored in the database. Similar to http://www.virustotal.com/
Fortinet: Clean Collection & False Positive Testing May 2004
A false positive happens when a clean file is incorrectly reported as a virus by antivirus software. The only practical way to fight false positives is to use a comprehensive clean file collection. I built the collection and the database-driven interface to allow a virus analyst to submit a test pattern and scan the whole collection. Three analyst teams from different countries (Canada, France and China) were able to test their antivirus patterns and avoid false positives. Linux shell scripts, Perl, PHP were used.
Fortinet: Virus Auto-Replication System June 2004
I used Perl and C++ to create a virus Auto-Replication system that is controlled remotely via the Web. First, a snapshot is taken of the computer system, and then a virus is executed. Another snapshot is taken and compared to the original. All changed and newly created files (replicated samples) are added to the database. The system is then rebooted, and a clean image is restored to reset the environment.
Fortinet: Performance Test Automation October 2004
I automated performance testing of Fortinet security appliances by creating Perl scripts that tested virus detection on all supported protocols (HTTP, FTP, IMAP, POP3, and SMTP).
Microsoft Content Management Server Setup July 2001
After Microsoft acquired NCompass, I rewrote and rebranded the installation module for NCompass Resolution in a newer version of the InstallScript language. http://en.wikipedia.org/wiki/Microsoft_Content_Management_Server
Skills
I am skilled at reverse-engineering, static and dynamic malware analysis, disassembly, debugging, writing patterns and tracking malware, networking, research publications and conference presentations, and representing the company at international events.
Programming
[Chart: proficiency by language on a scale of Familiar, Experienced, Proficient: C; Perl, Python, PHP; SQL; Bash shell script; Visual Basic, XML; Java; .NET]
Software & Hardware
Security: OllyDbg, IDA Pro, Wireshark, VMWare, Snort, tcpdump, nmap, nessus
Web vulnerabilities: XSS, CSRF, SQL Injection, Clickjacking
OS: Windows, Unix, Linux
Web servers: IIS, Apache, Tomcat, ICAP, Squid
DB: MS Access, SQL Server, mySQL, PostgreSQL, NoSQL (Hadoop, Hive), SQLite3
Adobe Flash, Photoshop, PageMaker, ImageReady, Premiere
HTML5, DHTML, JavaScript, Jscript, VBScript, ASP, ColdFusion, JSP, AJAX, OpenGL
SourceSafe, Perforce, Subversion, CVS, Git
Soft Skills
Excellent business and interpersonal communication skills
Fluent in English, Russian and Ukrainian
Canadian Citizen, H1B status.
Business sense – make sound decisions for company’s benefit
Leadership – manage people and resources efficiently to achieve deadlines
Certifications: GREM – (SANS GIAC Reverse Engineering), Red Cross First Aid, CPR
My hobby is music – I sing and play guitar in a rock band.
References Available upon request