This document summarizes research on the Torpig botnet conducted by security researchers at UC Santa Barbara. The researchers were able to take control ("sinkhole") the botnet's command and control servers for about 10 days by registering domains the bots were programmed to contact. This allowed observation and data collection from over 180,000 infected machines. The data revealed theft of thousands of financial accounts and other personal information, as well as potential for large-scale denial of service attacks and privacy threats from compromised devices. Repatriating stolen information to financial institutions and working with law enforcement presented challenges.
Metrics - You can't control the unfamiliarICSM 2011
Paper: You Can't Control the Unfamiliar: A Study on the Relations Between Aggregation Techniques for Software Metrics
Authors: Bogdan Vasilescu, Alexander Serebrenik and Mark Van Den Brand
Session: Research Track 11 - Metrics
Industry - Evolution and migration - Incremental and Iterative Reengineering ...ICSM 2011
Paper: Incremental and Iterative Reengineering towards Software Product Line: An Industrial Case Study
Authors: Gang Zhang, Liwei Shen, Xin Peng, Zhenchang Xing and Wenyun Zhao
Session: Industry Track Session 3: Evolution and migration
Natural Language Analysis - Mining Java Class Naming ConventionsICSM 2011
Paper: Mining Java Class Naming Conventions
Authors: Simon Butler, Michel Wermelinger, Yijun Yu and Helen Sharp
Session: Research Track 4 - Natural Language Analysis
Industry - Testing & Quality Assurance in Data Migration Projects ICSM 2011
Paper: Testing & Quality Assurance in Data Migration Projects
Authors: Klaus Haller, Florian Matthes, Christopher Schulz
Session: Industry Track Session 3: Evolution and migration
Paper: Tracking Technical Debt- An Exploratory Case Study
Authors: Yuepu Guo, Carolyn Seaman, Rebeka Gomes, Antonio Cavalcanti, Graziela Tonin, Fabio Q. B. Da Silva, André L. M. Santos, Clauirton Siebra
Session: Early Research Achievement Track Session 3
Reliability and Quality - Predicting post-release defects using pre-release f...ICSM 2011
Paper : Predicting Post-release Defects Using Pre-release Field Testing Results
Authors : Foutse Khomh, Brian Chan, Ying Zou, Anand Sinha and Dave Dietz
Session: Research Track Session 9: Reliability and Quality
Metrics - You can't control the unfamiliarICSM 2011
Paper: You Can't Control the Unfamiliar: A Study on the Relations Between Aggregation Techniques for Software Metrics
Authors: Bogdan Vasilescu, Alexander Serebrenik and Mark Van Den Brand
Session: Research Track 11 - Metrics
Industry - Evolution and migration - Incremental and Iterative Reengineering ...ICSM 2011
Paper: Incremental and Iterative Reengineering towards Software Product Line: An Industrial Case Study
Authors: Gang Zhang, Liwei Shen, Xin Peng, Zhenchang Xing and Wenyun Zhao
Session: Industry Track Session 3: Evolution and migration
Natural Language Analysis - Mining Java Class Naming ConventionsICSM 2011
Paper: Mining Java Class Naming Conventions
Authors: Simon Butler, Michel Wermelinger, Yijun Yu and Helen Sharp
Session: Research Track 4 - Natural Language Analysis
Industry - Testing & Quality Assurance in Data Migration Projects ICSM 2011
Paper: Testing & Quality Assurance in Data Migration Projects
Authors: Klaus Haller, Florian Matthes, Christopher Schulz
Session: Industry Track Session 3: Evolution and migration
Paper: Tracking Technical Debt- An Exploratory Case Study
Authors: Yuepu Guo, Carolyn Seaman, Rebeka Gomes, Antonio Cavalcanti, Graziela Tonin, Fabio Q. B. Da Silva, André L. M. Santos, Clauirton Siebra
Session: Early Research Achievement Track Session 3
Reliability and Quality - Predicting post-release defects using pre-release f...ICSM 2011
Paper : Predicting Post-release Defects Using Pre-release Field Testing Results
Authors : Foutse Khomh, Brian Chan, Ying Zou, Anand Sinha and Dave Dietz
Session: Research Track Session 9: Reliability and Quality
Industry - The Evolution of Information Systems. A Case Study on Document Man...ICSM 2011
Paper : The Evolution of Information Systems. A Case Study on Document Management
Authors : Paolo Salvaneschi
Session: Industry Track Session 3: Evolution and migration
Components - Crossing the Boundaries while Analyzing Heterogeneous Component-...ICSM 2011
Paper: "Crossing the Boundaries while Analyzing Heterogeneous Component-Based Software Systems"
Authors: Amir Reza Yazdanshenas, Leon Moonen
Session: Research Track Session 7: Components
Faults and Regression Testing - Fault interaction and its repercussionsICSM 2011
Paper: Fault Interaction and its Repercussions
Authors: Nicholas DiGiuseppe and James A. Jones
Seesion: Research Track 1: Faults and Regression Testing
Components - Graph Based Detection of Library API LimitationsICSM 2011
Paper: Graph-based Detection of Library API Imitations
Authors: Chengnian Sun, Siau-Cheng Khoo, Shao Jie Zhang (All from National University of Singapore)
Session: Research Track Session 7: Component
Natural Language Analysis - Expanding Identifiers to Normalize Source Code Vo...ICSM 2011
Paper: Expanding Identifiers to Normalize Source Code Vocabulary
Authors: Dave Binkley and Dawn Lawrie
Session: Research Track 4: Natural Language Analysis
Industry - Precise Detection of Un-Initialized Variables in Large, Real-life ...ICSM 2011
Paper: "Precise Detection of Un-Initialized Variables in Large, Real-life COBOL Programs in Presence of Un-realizable Paths"
Authors: Rahul Jiresal, Adnan Contractor and Ravindra Naik
Session: Industry Track Session 4: Program analysis and Verification
Abstract:
Though in essence an engineering discipline, software engineering research has always been struggling to demonstrate impact. This is reflected in part by the funding challenges that the discipline faces in many countries, the difficulties we have to attract industrial participants to our conferences, and the scarcity of papers reporting industrial case studies.
There are clear historical reasons for this but we nevertheless need, as a community, to question our research paradigms and peer evaluation processes in order to improve the situation. From a personal standpoint, relevance and impact are concerns that I have been struggling with for a long time, which eventually led me to leave a comfortable academic position and a research chair to work in industry-driven research.
I will use some concrete research project examples to argue why we need more inductive research, that is, research working from specific observations in real settings to broader generalizations and theories. Among other things, the examples will show how a more thorough understanding of practice and closer interactions with practitioners can profoundly influence the definition of research problems, and the development and evaluation of solutions to these problems. Furthermore, these examples will illustrate why, to a large extent, useful research is necessarily multidisciplinary. I will also address issues regarding the implementation of such a research paradigm and show how our own bias as a research community worsens the situation and undermines our very own interests.
On a more humorous note, the title hints at the fact that being a scientist in software engineering and aiming at having impact on practice often entails leading two parallel careers and impersonate different roles to different peers and partners.
Bio:
Lionel Briand is heading the Certus center on software verification and validation at Simula Research Laboratory, where he is leading research projects with industrial partners. He is also a professor at the University of Oslo (Norway). Before that, he was on the faculty of the department of Systems and Computer Engineering, Carleton University, Ottawa, Canada, where he was full professor and held the Canada Research Chair (Tier I) in Software Quality Engineering. He is the coeditor-in-chief of Empirical Software Engineering (Springer) and is a member of the editorial boards of Systems and Software Modeling (Springer) and Software Testing, Verification, and Reliability (Wiley). He was on the board of IEEE Transactions on Software Engineering from 2000 to 2004. Lionel was elevated to the grade of IEEE Fellow for his work on the testing of object-oriented systems. His research interests include: model-driven development, testing and verification, search-based software engineering, and empirical software engineering.
Traceability - Structural Conformance Checking with Design Tests: An Evaluati...ICSM 2011
Paper: Structural Conformance Checking with Design Tests: An Evaluation of Usability and Scalability.
Authors: João Brunet, Dalton Dario Serey Guerrero and Jorge Figueiredo.
Session: Research Track 5: Traceability
Metrics - Using Source Code Metrics to Predict Change-Prone Java InterfacesICSM 2011
Paper title: Using Source Code Metrics to Predict Change-Prone Java Interfaces
Authors: Daniele Romano and Martin Pinzger
Session: Research Track Session 11: Metrics
ERA - Clustering and Recommending Collections of Code Relevant to TaskICSM 2011
Paper: Clustering and Recommending Collections of Code Relevant to Task
Authors: Seonah Lee and Sungwon Kang
Session: Early Research Achievements Track Session 3: Managing and Supporting Software Maintenance Activities
Industry - Relating Developers' Concepts and Artefact Vocabulary in a Financ...ICSM 2011
Paper: Relating Developers' Concepts and Artefact Vocabulary in a Financial
Software Module
Authors: Tezcan Dilshener and Michel Wermelinger
Session: Industry Track 2 - Reverse Engineering
Postdoc symposium - A Logic Meta-Programming Foundation for Example-Driven Pa...ICSM 2011
Paper: A Logic Meta-Programming Foundation for Example-Driven Pattern Detection in Object-Oriented Programs
Author: Coen De Roover
Session: Post-doctoral symposium
Paper: SCOTCH: Improving Test-to-Code Traceability using Slicing and Conceptual Coupling
Authors: Abdallah Qusef, Gabriele Bavota, Rocco Oliveto, Andrea De Lucia, David Binkley
Session: Research Track Session 3: Dynamic Analysis
ERA - A Comparison of Stemmers on Source Code Identifiers for Software SearchICSM 2011
Paper: A Comparison of Stemmers on Source Code Identifiers for Software
Search
Authors: Andrew Wiese, Valerie Ho, Emily Hill.
Session: ERA1 - Linguistic Analysis of Software Artifacts
Industry - Estimating software maintenance effort from use cases an indu...ICSM 2011
Paper: Estimating Software Maintenance Effort from Use Cases: an Industrial Case Study
Authors:Yan Ku, Jing Du, Ye Yang, Qing Wang
Session: Industry Tracking 5: Metrics and
Estimation
Your Botnet is My Botnet: Analysis of a Botnet TakeoverAhmed EL-KOSAIRY
Your Botnet is My Botnet: Analysis of a Botnet Takeover
Botnets are the primary means for cyber-criminals to carry out their malicious tasks
• sending spam mails
• launching denial-of-service attacks
• stealing personal data such as mail accounts or bank credentials.
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"Jishnu Pradeep
Presentation based on Paper titled: "Your botnet is my botnet: Analysis of a botnet takeover". The original authors are Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski,
Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna.
Industry - The Evolution of Information Systems. A Case Study on Document Man...ICSM 2011
Paper : The Evolution of Information Systems. A Case Study on Document Management
Authors : Paolo Salvaneschi
Session: Industry Track Session 3: Evolution and migration
Components - Crossing the Boundaries while Analyzing Heterogeneous Component-...ICSM 2011
Paper: "Crossing the Boundaries while Analyzing Heterogeneous Component-Based Software Systems"
Authors: Amir Reza Yazdanshenas, Leon Moonen
Session: Research Track Session 7: Components
Faults and Regression Testing - Fault interaction and its repercussionsICSM 2011
Paper: Fault Interaction and its Repercussions
Authors: Nicholas DiGiuseppe and James A. Jones
Seesion: Research Track 1: Faults and Regression Testing
Components - Graph Based Detection of Library API LimitationsICSM 2011
Paper: Graph-based Detection of Library API Imitations
Authors: Chengnian Sun, Siau-Cheng Khoo, Shao Jie Zhang (All from National University of Singapore)
Session: Research Track Session 7: Component
Natural Language Analysis - Expanding Identifiers to Normalize Source Code Vo...ICSM 2011
Paper: Expanding Identifiers to Normalize Source Code Vocabulary
Authors: Dave Binkley and Dawn Lawrie
Session: Research Track 4: Natural Language Analysis
Industry - Precise Detection of Un-Initialized Variables in Large, Real-life ...ICSM 2011
Paper: "Precise Detection of Un-Initialized Variables in Large, Real-life COBOL Programs in Presence of Un-realizable Paths"
Authors: Rahul Jiresal, Adnan Contractor and Ravindra Naik
Session: Industry Track Session 4: Program analysis and Verification
Abstract:
Though in essence an engineering discipline, software engineering research has always been struggling to demonstrate impact. This is reflected in part by the funding challenges that the discipline faces in many countries, the difficulties we have to attract industrial participants to our conferences, and the scarcity of papers reporting industrial case studies.
There are clear historical reasons for this but we nevertheless need, as a community, to question our research paradigms and peer evaluation processes in order to improve the situation. From a personal standpoint, relevance and impact are concerns that I have been struggling with for a long time, which eventually led me to leave a comfortable academic position and a research chair to work in industry-driven research.
I will use some concrete research project examples to argue why we need more inductive research, that is, research working from specific observations in real settings to broader generalizations and theories. Among other things, the examples will show how a more thorough understanding of practice and closer interactions with practitioners can profoundly influence the definition of research problems, and the development and evaluation of solutions to these problems. Furthermore, these examples will illustrate why, to a large extent, useful research is necessarily multidisciplinary. I will also address issues regarding the implementation of such a research paradigm and show how our own bias as a research community worsens the situation and undermines our very own interests.
On a more humorous note, the title hints at the fact that being a scientist in software engineering and aiming at having impact on practice often entails leading two parallel careers and impersonate different roles to different peers and partners.
Bio:
Lionel Briand is heading the Certus center on software verification and validation at Simula Research Laboratory, where he is leading research projects with industrial partners. He is also a professor at the University of Oslo (Norway). Before that, he was on the faculty of the department of Systems and Computer Engineering, Carleton University, Ottawa, Canada, where he was full professor and held the Canada Research Chair (Tier I) in Software Quality Engineering. He is the coeditor-in-chief of Empirical Software Engineering (Springer) and is a member of the editorial boards of Systems and Software Modeling (Springer) and Software Testing, Verification, and Reliability (Wiley). He was on the board of IEEE Transactions on Software Engineering from 2000 to 2004. Lionel was elevated to the grade of IEEE Fellow for his work on the testing of object-oriented systems. His research interests include: model-driven development, testing and verification, search-based software engineering, and empirical software engineering.
Traceability - Structural Conformance Checking with Design Tests: An Evaluati...ICSM 2011
Paper: Structural Conformance Checking with Design Tests: An Evaluation of Usability and Scalability.
Authors: João Brunet, Dalton Dario Serey Guerrero and Jorge Figueiredo.
Session: Research Track 5: Traceability
Metrics - Using Source Code Metrics to Predict Change-Prone Java InterfacesICSM 2011
Paper title: Using Source Code Metrics to Predict Change-Prone Java Interfaces
Authors: Daniele Romano and Martin Pinzger
Session: Research Track Session 11: Metrics
ERA - Clustering and Recommending Collections of Code Relevant to TaskICSM 2011
Paper: Clustering and Recommending Collections of Code Relevant to Task
Authors: Seonah Lee and Sungwon Kang
Session: Early Research Achievements Track Session 3: Managing and Supporting Software Maintenance Activities
Industry - Relating Developers' Concepts and Artefact Vocabulary in a Financ...ICSM 2011
Paper: Relating Developers' Concepts and Artefact Vocabulary in a Financial
Software Module
Authors: Tezcan Dilshener and Michel Wermelinger
Session: Industry Track 2 - Reverse Engineering
Postdoc symposium - A Logic Meta-Programming Foundation for Example-Driven Pa...ICSM 2011
Paper: A Logic Meta-Programming Foundation for Example-Driven Pattern Detection in Object-Oriented Programs
Author: Coen De Roover
Session: Post-doctoral symposium
Paper: SCOTCH: Improving Test-to-Code Traceability using Slicing and Conceptual Coupling
Authors: Abdallah Qusef, Gabriele Bavota, Rocco Oliveto, Andrea De Lucia, David Binkley
Session: Research Track Session 3: Dynamic Analysis
ERA - A Comparison of Stemmers on Source Code Identifiers for Software SearchICSM 2011
Paper: A Comparison of Stemmers on Source Code Identifiers for Software
Search
Authors: Andrew Wiese, Valerie Ho, Emily Hill.
Session: ERA1 - Linguistic Analysis of Software Artifacts
Industry - Estimating software maintenance effort from use cases an indu...ICSM 2011
Paper: Estimating Software Maintenance Effort from Use Cases: an Industrial Case Study
Authors:Yan Ku, Jing Du, Ye Yang, Qing Wang
Session: Industry Tracking 5: Metrics and
Estimation
Your Botnet is My Botnet: Analysis of a Botnet TakeoverAhmed EL-KOSAIRY
Your Botnet is My Botnet: Analysis of a Botnet Takeover
Botnets are the primary means for cyber-criminals to carry out their malicious tasks
• sending spam mails
• launching denial-of-service attacks
• stealing personal data such as mail accounts or bank credentials.
Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"Jishnu Pradeep
Presentation based on Paper titled: "Your botnet is my botnet: Analysis of a botnet takeover". The original authors are Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski,
Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna.
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...Eric Vanderburg
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "The Bot Stops Here: Removing the BotNet Threat" at the Public and Higher Ed Security Summit.
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEric Vanderburg
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "Eradicate the Bots in the Belfry" at the Information Security Summit.
As presented at Hackfest 2015 Quebec City, November 7th 2015.
This session will focus on real world deployments of DDoS mitigation strategies in every layer of the network. It will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. The session will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically can be done to offer protection at every layer. The session will offer insight and examples from both a business and technical perspective.
Докладчик проведет покейсовый разбор нескольких инцидентов с банкоматами, платежными шлюзами, карточным процессингом, системами межбанковских переводов, опишет тактику атакующих из разных стран для получения доступа в локальную сеть банка и расскажет про приемы, используемые хакерами для повышения привилегий в локальной сети. Продемонстрирует ошибки атакующих, расскажет, как выявить их активность и предотвратить вывод инфраструктуры банка из строя или похитить деньги. Слушатели узнают, кто будет атаковать финансовые учреждения в будущем, что атакующие будут использовать и как заметать следы.
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"StHack
The main idea behind this talk is to introduce the listeners of Sthack conference to the current landscape in the botnet threats. We'll begin talking about the main types of malware botnets: Trojan Bankers, Point of Sales and Credential Stealers, but we will focus on how some of these botnets operate in a technical level, specially, how the bots of Dyre, JackPoS and Pony are working nowadays in order to steal credit cards and banking credentials.
OnionBots: Subverting Privacy Infrastructure for Cyber AttacksAmirali Sanatinia
Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection,
measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots can achieve a low diameter and a low degree and be robust to partitioning under node deletions. We develop a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.
Andrew Brandt, Symantec
Back in 2014 and 2015, the Dyre (sometimes called Dyreza) Trojan was a distinctive crimeware tool for the simple reason that it appeared to employ, and experiment with, a whole range of sophisticated tactics, techniques and procedures: It was the first Trojan which exclusively employed HTTPS for its C2 traffic; It operated on a modular basis with a small cadre of other malware families, such as the Upatre downloader, which seemed to support it exclusively, as well as email address scraping tools and spam mail relayers; and it was at least as interested in profiling the environment it had infected as it was in exfiltrating any data it could find on the victim's machine. Then it disappeared suddenly, but re-emerged this year in the form of a Trojan now called Trickbot (aka Trickybot), completely rewritten but with many of the same features. In the lab, we permit Trickbot samples to persist on infected machines for days to weeks in order to perform man-in-the-middle SSL decryption on their C2 traffic. In this session, attendees will get a detailed forensic analysis of the content of some of this C2 traffic and the endpoint behavior of various machines (virtual and bare-metal) when left infected for an extended period of time. Finally, we will share what we know about the botnet's C2 infrastructure and its historical reputation. By understanding how Trickbot functions, and to where it communicates, we hope we can help identify infections more rapidly and, maybe, interpret the motives of whoever is operating this shadowy botnet to predict its next course of action.
As presented at LinuxCon/CloudOpen 2015 Seattle Washington, August 19th 2015. Sagi Brody & Logan Best
This session will focus on real world deployments of DDoS mitigation strategies in every layer of the network. It will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. The session will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically can be done to offer protection at every layer. The session will offer insight and examples from both a business and technical perspective.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
JMeter webinar - integration with InfluxDB and Grafana
Richard Kemmerer Keynote icsm11
1. How to Steal a Botnet and What
Can Happen When You Do
Richard A. Kemmerer
Security Group
Department of Computer Science
University of California, Santa Barbara
kemm@cs.ucsb.edu
ICSM 2011 September 27, 2011
2. Botnet Terminology
UC Santa Barbara
• Bot
– an application that performs some action or set of actions on behalf
of a remote controller
– installed on a victim machine (zombie)
– modular (plug in your functionality/exploit/payload)
• Botnet
– network of infected machines controlled by a malicious entity
• Control channel
– required to send commands to bots and obtain results and status
messages
– usually via IRC, HTTP, HTTPs, or Peer-to-Peer
• Bot Herder
– aka botmaster or controller
– owns control channel, sends commands to botnet army
– motivations are usually power or money
2
3. Torpig
UC Santa Barbara
• Trojan horse
– distributed via the Mebroot “malware platform”
– injects itself into 29 different applications as DLL
– steals sensitive information (passwords, HTTP POST data)
– HTTP injection for phishing
– uses “encrypted” HTTP as C&C protocol
– uses domain flux to locate C&C server
• Mebroot
– spreads via drive-by downloads
– sophisticated rootkit (overwrites master boot record)
3
4. Torpig: Behind the scenes
UC Santa Barbara
s
and Mebroot C&C
mm
Co orpig
+t
“Hacked” web servers
STOLE
N DAT
A
nlo
ad Innocent victim
ow
o ot d
M ebr Torpig C&C
“Drive-By Download” server Injection server
4
5. Torpig HTML Injection
UC Santa Barbara
• Domains of interest (~300) stored in configuration file
• When domain of interest visited
– Torpig issues request to injection server
– server specifies a trigger page on target domain and a URL
on injection server to be visited when user visits trigger page
• When user visits the trigger page
– Torpig requests injection URL from injection server
– Torpig injects the returned content into the user’s browser
• Content is usually html phishing form that asks for
sensitive data
– reproduces look and style of target web site
5
8. Domain Flux
UC Santa Barbara
• Taking down a single bot has little effect on botmaster
• C&C servers are vulnerable to take down
– if you use a static IP address, people will block or remove host
– if you use a DNS name, people will block or remove domain name
• Domain flux
– idea is to have bots periodically generate new C&C domain names
– often, use local date (system time) as input
– botmaster needs to register one of these domains
and respond properly so that bots recognize valid C&C server
– defenders must register all domains to take down botnet
8
9. Torpig Domain Flux
UC Santa Barbara
• Each bot has
– same domain generation algorithm (DGA)
– three fixed domains to be used if all else fails
• DGA generates
– weekly domain name (wd)
– daily domain name (dd)
• Every 20 minutes bot attempts to connect (in order) to
– wd.com, wd.net, wd.biz
– if all three fail, then dd.com, dd.net, dd.biz
– if they also fail, then the three fixed domains
• Criminals normally registered wd.com (and wd.net)
9
10. Sinkholing Torpig C&C Overview
UC Santa Barbara
• Reverse engineered name generation algorithm and
C&C protocol
• Observed that domains for 01/25 – 02/15 unregistered
• Registered these domains ourselves
• Unfortunately, Mebroot pushed new Torpig binary on
02/04
• We controlled the botnet for ~10 days
• Data
– 8.7 GB Apache logs
– 69 GB pcap data (contains stolen information)
10
11. Sinkholing Torpig C&C
UC Santa Barbara
• Purchased hosting from two different hosting
providers known to be unresponsive to complaints
• Registered wd.com and wd.net with two different
registrars
– One was suspended 01/31 due to abuse complaint
• Set up Apache web servers to receive bot requests
• Recorded all network traffic
• Automatically downloaded and removed data from
our hosting providers
• Enabled hosts a week early
– immediately received data from 359 infected machines
11
12. Data Collection Principles
UC Santa Barbara
• Principle 1: the sinkholed botnet should be operated
so that any harm and/or damage to victims and targets
of attacks would be minimized
– always responded with okn message
– never sent new/blank configuration file
– removed data from servers regularly
– stored data offline in encrypted form
• Principle 2: the sinkholed botnet should collect enough
information to enable notification and remediation of
affected parties
– worked with law enforcement (FBI and DoD Cybercrime units)
– worked with bank security officers
– worked with ISPs
12
13. Data Collection
UC Santa Barbara
• Bot connects to Torpig C&C every 20 minutes via
HTTP POST
• Sends a header
– timestamp, IP address, proxy ports, OS version, locale, nid,
Torpig build and version number
• nid
– 8 byte value, used for encrypting header and data
– derived from hard disk information or volume serial number
– serves as a convenient, unique identifier
– allows one to detect VMware machines
• Optional body data
– stolen information (accounts, browser data, …)
13
14. Size Estimation
UC Santa Barbara
• Count number of infections
– usually based on unique IP addresses
– problematic: DHCP and NAT effects (we saw 1.2M unique IPs)
– our count based on header information: ~180K hosts (nids) seen
Average 4,690 new IPs Average 705 new nids 14
15. Size Estimation
UC Santa Barbara
• Cummulative number of infections
– linear for unique IP addresses
– decayed quickly for unique nids
– more than 75% of unique nids were observed in first 48 hours
15
16. Threats
UC Santa Barbara
• Theft of financial data
• Denial of service
• Proxy servers
• Privacy threats
16
17. Threats: Theft of Financial Information
UC Santa Barbara
• 8,310 unique accounts from 410 financial institutions
– Top 10: PayPal (1,770), Poste Italiane, Capital One,
E*Trade, Chase, Bank of America, UniCredit, Postbank,
Scottrade, Wells Fargo
– 38% of credentials stolen from browser’s password manager
• 1,660 credit cards
– Top 5: Visa (1,056), Mastercard, American Express, Maestro,
Discover
– US (49%), Italy (12%), Spain (8%)
– typically, one CC per victim, but there are exceptions …
17
18. Value of the Financial Information
UC Santa Barbara
• Symantec [2008] estimates
– Credit card value at $.10 to $25.00
– Bank account at $10.00 to $1,000.00
• Using Symantec estimates,10 days of Torpig data
valued at $83K to $8.3M
18
19. Threats: Denial of Service
UC Santa Barbara
• More than 60,000 active hosts at any given time
• Determine network speed from ip2location DB
– cable and DSL make up 65% of infected hosts
– used 435 kbps conservative upstream bandwidth
– yields greater than 17 Gbps just from DSL/cable
– corporate networks make up 22% of infected hosts
• Potential for a massive DDOS attack
19
20. Threats: Proxy Servers
UC Santa Barbara
• Torpig opens SOCKS and HTTP proxy
• 20% of infected machines are publicly reachable
• Only 2.45% of those marked by Spamhaus blacklist
• Could be abused for spamming
20
21. Threats: Privacy
UC Santa Barbara
• Web mail, web chat, and forum messages
• Focused on 6,542 messages in English that were
250 characters or longer
• Zeitgeist of the Torpig network
– 14% are about jobs/resumes
– 7% discuss money
– 6% are sports fans
– 5% prepare for exams and worry about grades
– 4% partners/sex online
• Online security is a concern, but think they are clean
– 10% specifically mention security/malware
21
22. Password Analysis
UC Santa Barbara
• 297,962 unique credentials used on 368,501 web sites
(domains)
– mostly web mail (Google, live, Yahoo) and social networking
sites (Facebook, MySpace, netlog.com)
– 28% of the victims reused their password on multiple domains
• Used John the Ripper to assess the strength of the
passwords
– 173,686 unique passwords
– 56,000 in < 65 minutes using permutation, substitution, etc.
– 14,000 in next 10 minutes using large wordlist
(i.e., 40% cracked in less than 75 minutes)
– another 30,000 in next 24 hours
22
24. What about?
UC Santa Barbara
• Criminal retribution
• Law enforcement
• Repatriating the data
• Ethics, IRB, etc.
24
25. Criminal Retribution
UC Santa Barbara
• Big concern on January 25
– are the criminals going to come to get us?
• More realistically - when will they DDOS our servers?
• Biggest question – why did it take them 10 days to
download a new DGA?
25
26. Law Enforcement
UC Santa Barbara
• We needed to inform law enforcement about this
– who do we notify?
– need someone knowledgeable so they don’t shut us down
• How do we get a hold of law enforcement?
– US CERT gives you a form to fill out
– contacted David Dagon at Ga Tech and got FBI contact
– contacted FBI cybercrime unit
– also contacted DoD defense criminal investigative services
• FBI was very good to work with and gave us lots of
contacts for repatriation
26
27. Repatriating the Data
UC Santa Barbara
• 8,310 accounts from 410 financial institutions
• 1,660 credit cards from various financial institutions
• Need to mine the information from the raw data files
• Cannot just cold call a bank and say I have
information that you might want, send me your BINs
• Need introductions from trusted individuals or groups
• FBI and National Cyber-Forensics and Training
Alliance (NCFTA) were very helpful
– leads to individuals who could handle an entire country
27
28. Ethics
UC Santa Barbara
• Recall Principle 1: the sinkholed botnet should be
operated so that any harm and/or damage to victims
and targets of attacks would be minimized
• Collected sensitive data that potentially could
threaten the privacy of victims
• Should emails be viewed at all?
• What about IRB approval?
– not working with human subjects, why would we need it?
– we didn’t plan on getting this kind of data
– any data that can be used to identify an individual needs IRB
28
29. Conclusions
UC Santa Barbara
• Unique opportunity to understand
– potential for profit and malicious activity of botnet’s creators
– characteristics of botnet victims
• Previous evaluations of botnet sizes based on distinct
IPs may be grossly overestimated
• Botnet victims are users with poorly maintained
machines and choose easily guessable passwords to
protect sensitive data
• Interacting with registrars, hosting facilities, victim
institutions, and law enforcement can be a complicated
process
• Papers: http://seclab.cs.ucsb.edu/media/uploads/papers/torpig.pdf
http://seclab.cs.ucsb.edu/media/uploads/papers/torpig_spmag11.pdf
29
30. Credits
UC Santa Barbara
• Brett Stone-Gross
• Marco Cova
• Lorenzo Cavallaro
• Bob Gilbert
• Martin Szydlowski
• Richard Kemmerer
• Chris Kruegel
• Giovanni Vigna
30