The document discusses a talk titled "Docker might not be your friend - Trojanizing Docker like a Sir" given by Daniel García and Roberto Muñoz. The talk covers what Docker is, the Docker environment including components like Docker hosts, registries, and orchestrators. It also discusses continuous integration/continuous deployment cycles and how Docker fits into those processes. The slides provide definitions and diagrams to explain these concepts.
Building Instruqt, a scalable learning platformInstruqt
On February 15th I gave a talk on how we built Instruqt. We use Kubernetes, Terraform and Google Cloud, and in my talk I explain the benefits of using these tools and services correctly.
So you think the systems at your employer can actually use a little bit more security? Or what about your own system to gain more privacy? In this talk, we discuss the reasons for Linux server and system hardening. First we learn why we should protect our crown jewels, and what can wrong if we ignore information security. Next is getting a better understanding of the possible resources we can use. And since system hardening can be time-consuming, we discuss some tools to help in the system hardening quest.
Presentation on - How to create custom Burp Suite extensions using Jython to test the web
application / mobile applications with strong encryptions in HTTP requests and responses.
Building Instruqt, a scalable learning platformInstruqt
On February 15th I gave a talk on how we built Instruqt. We use Kubernetes, Terraform and Google Cloud, and in my talk I explain the benefits of using these tools and services correctly.
So you think the systems at your employer can actually use a little bit more security? Or what about your own system to gain more privacy? In this talk, we discuss the reasons for Linux server and system hardening. First we learn why we should protect our crown jewels, and what can wrong if we ignore information security. Next is getting a better understanding of the possible resources we can use. And since system hardening can be time-consuming, we discuss some tools to help in the system hardening quest.
Presentation on - How to create custom Burp Suite extensions using Jython to test the web
application / mobile applications with strong encryptions in HTTP requests and responses.
Most file systems have methods to assign permissions or access rights to specific users and groups of users.
These system control the ability of the users to view, change, navigate, and execute the contents of the file system.
Permissions on the linux- systems are managed in three distinct scopes or classes. Theses scopes are known as users, groups or others.
The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional AP up and running. We demonstrate that it is possible to retrieve the WEP key from an isolated Client - the Client can be on the Moon! - using a new technique called "AP-less WEP Cracking". With this discovery Pen-testers will realize that a hacker no longer needs to drive up to a parking lot to crack WEP. Corporations still stuck with using WEP, will realize that their WEP keys can be cracked while one of their employees is transiting through an airport, having a cup of coffee, or is catching some sleep in a hotel room. Interestingly, Caffe Latte also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.
This presentation provides an overview of the initial submission to the OMG RFP on DDS Security. The presentation introduces the overall security model proposed for DDS and the protocols.
Presentation given at Mongo SV conference in Mountain View on December 3, 2010. Covers reasons for logging to MongoDB, logging library basics and library options for Java, Python, Ruby, PHP and C#. Updated 1/1/2012 with more info on logging in Ruby and tailable cursors.
micro-ROS: Developing ROS 2 professional applications based on MCUseProsima
These slides, presented during the ROS-Industrial Americas meeting, provide an insight on the micro-ROS architecture and features, as well as an update on its latest updates.
Building a secure image pipeline with Ansible. Generating secure OS images for OpenShift Virtualization. Creating a immutable image pipeline with Ansible, OpenSCAP, Packer, Molecule and Vagrant. Packaging OS images for consumption to OpenShift Virtualization.
Since its first 1.12 release on July 2016, Docker Swarm Mode has matured enough as a clustering and scheduling tool for IT administrators and developers who can easily establish and manage a cluster of Docker nodes as a single virtual system. Swarm mode integrates the orchestration capabilities of Docker Swarm into Docker Engine itself and help administrators and developers with the ability to add or subtract container iterations as computing demands change. With sophisticated but easy to implement features like built-in Service Discovery, Routing Mesh, Secrets, declarative service model, scaling of the services, desired state reconciliation, scheduling, filters, multi-host networking model, Load-Balancing, rolling updates etc. Docker 17.06 is all set for production-ready product today. Join me webinar organised by Docker Izmir, to get familiar with the current Swarm Mode capabilities & functionalities across the heterogeneous environments.
This document explains how to use docker container in Ubuntu 14.04 VM for trying out cgroups without actually using the host/guest operating system. It talks about using 'cpu' subcomponent and demostrates the effect of process isolation by 'htop' utility.
The docker containers are very effective way of trying out things by launching a container using standard/custom docker image from docker hub or your own image repository.
Dalle applicazioni desktop al web ed alle architetture multi tier. Dallo sviluppo basato sui componenti alle service oriented architecture… I Microservices saranno la soluzione vincente?
Most file systems have methods to assign permissions or access rights to specific users and groups of users.
These system control the ability of the users to view, change, navigate, and execute the contents of the file system.
Permissions on the linux- systems are managed in three distinct scopes or classes. Theses scopes are known as users, groups or others.
The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional AP up and running. We demonstrate that it is possible to retrieve the WEP key from an isolated Client - the Client can be on the Moon! - using a new technique called "AP-less WEP Cracking". With this discovery Pen-testers will realize that a hacker no longer needs to drive up to a parking lot to crack WEP. Corporations still stuck with using WEP, will realize that their WEP keys can be cracked while one of their employees is transiting through an airport, having a cup of coffee, or is catching some sleep in a hotel room. Interestingly, Caffe Latte also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.
This presentation provides an overview of the initial submission to the OMG RFP on DDS Security. The presentation introduces the overall security model proposed for DDS and the protocols.
Presentation given at Mongo SV conference in Mountain View on December 3, 2010. Covers reasons for logging to MongoDB, logging library basics and library options for Java, Python, Ruby, PHP and C#. Updated 1/1/2012 with more info on logging in Ruby and tailable cursors.
micro-ROS: Developing ROS 2 professional applications based on MCUseProsima
These slides, presented during the ROS-Industrial Americas meeting, provide an insight on the micro-ROS architecture and features, as well as an update on its latest updates.
Building a secure image pipeline with Ansible. Generating secure OS images for OpenShift Virtualization. Creating a immutable image pipeline with Ansible, OpenSCAP, Packer, Molecule and Vagrant. Packaging OS images for consumption to OpenShift Virtualization.
Since its first 1.12 release on July 2016, Docker Swarm Mode has matured enough as a clustering and scheduling tool for IT administrators and developers who can easily establish and manage a cluster of Docker nodes as a single virtual system. Swarm mode integrates the orchestration capabilities of Docker Swarm into Docker Engine itself and help administrators and developers with the ability to add or subtract container iterations as computing demands change. With sophisticated but easy to implement features like built-in Service Discovery, Routing Mesh, Secrets, declarative service model, scaling of the services, desired state reconciliation, scheduling, filters, multi-host networking model, Load-Balancing, rolling updates etc. Docker 17.06 is all set for production-ready product today. Join me webinar organised by Docker Izmir, to get familiar with the current Swarm Mode capabilities & functionalities across the heterogeneous environments.
This document explains how to use docker container in Ubuntu 14.04 VM for trying out cgroups without actually using the host/guest operating system. It talks about using 'cpu' subcomponent and demostrates the effect of process isolation by 'htop' utility.
The docker containers are very effective way of trying out things by launching a container using standard/custom docker image from docker hub or your own image repository.
Dalle applicazioni desktop al web ed alle architetture multi tier. Dallo sviluppo basato sui componenti alle service oriented architecture… I Microservices saranno la soluzione vincente?
This slides describe how to put Docker on Internet of Things (IoT) especially Raspberry Pi 2. Describing 2 options Hypriot and Ubuntu 15.10 MATE and challenges for using Docker on Raspberry Pi 2.
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningRui Quintino
PortoData Meetup
http://www.portodata.net/xxxi-evento-porto-data-25-maio-2017-uptec/
Docker e Containers são das tecnologias atuais com maior crescimento e aceitação. Depois de um breve refresh ao Docker e vantagens dos containers, vamos ver casos práticos de como o Docker pode ajudar em workloads de desenvolvimento, testes ou mesmo produção para Big Data, Data Science, Machine Learning ou mesmo Deep Learning. Seja no posto de trabalho, on-prem ou Azure. Por último a facilidade de criação de clusters com Docker Swarm.
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaDocker, Inc.
This is my story about how I got involved in the Docker hackathon (and won) without knowing Docker at all. I'll share what technological limitations I had before using Docker and how I managed to solve them, and also some tips to getting started. As a closing, I'll talk about the Whaleprint project and some key features that we would love to see in docker today.
With the 'rise of containers' comes also the rise of container platforms. And while Docker is the way to do things for now, Podman has also been gaining traction as the new kid on the block especially after being somewhat embraced by RedHat and Fedora. Being new also comes with lack of heavy scrutiny and audit on the security side of things. Once you start integrating other protocols and pieces that compliment each other, such as Varlink, boundaries become fuzzy. Rather than focus on container breakouts, which are also very important, we'll focus on how Podman and Varlink interoperate and the authentication and security implications as such. We'll look at the remote API capabilities, secure configurations and how certain setups and projects out there by default can be vulnerable to compromise. By the end of the talk, we will have discussed various bugs, issues and hardening techniques around deploying Podman and Varlink together and if you don't know a lot about containers, you'll learn a bit along the way.
Digital Forensics and Incident Response (DFIR) using Docker ContainersDeep Shankar Yadav
Digital Forensics & Incident Response is a multidisciplinary profession that focuses on identifying, investigating, and remeidating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, an kinds of targets. This presentation explains how we can implement docker in DFIR practices.
Dockerizing stashboard - Docker meetup at TwiliodotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
L'avvento dei container nello scenario IT ci fornisce una soluzione in più per il consolidamento dei nostri server di esercizio. In questa sessione vedremo come utilizzare Docker al fine di effettuare il deploy di una soluzione che utilizza alcune delle applicazioni più diffuse, sia on-premise che in-the-cloud, Azure o Amazon che sia, in modo da ridurre drasticamente l'incertezza dei side-effect di ambiente passando da uno all'altro.
Similar to RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images (20)
Cómo aplicar técnicas de fingerprinting en las 4 capas de TCP / IP y lograr hacer un perfil de un objetivo deduciendo las tecnologías usadas en base a ciertos parámetros obtenidos usando este tipo de técnicas
Presentación de un nuevo concepto de ataques: Broker Injection, así como la herramienta de explotación: Enteletaor Broker injector.
El video con todas las animaciones lo puedes encontrar en:
https://youtu.be/OxtBiQ7n60Y
Python, hacking y sec-tools desde las trincheras
Un recorrido por hacking de redes a bajo nivel y protocolos de comunicaciones, con la navaja suiza del bajo nivel: Scapy.
Aprenderemos cómo transformar en herramientas de hacking bien construidas lo que hasta ahora resolvías con scripts para "salir de paso" de esa auditoría que se te está resistiendo.
Crearemos varias herramientas de hacking desde cero, explicando:
- Cómo diseñar y escalar aplicaciones de seguridad,
- Construir aplicaciones re-usables,
- Usar librerías de terceros en nuestro código,
- Generar lineas de comando (CLI) útiles y fáciles de usar,
- Exportar los resultados en JSON, xml o Excel,
- Crear un sistema de plugins sencillo pero potente
Mi Charla en Codemotion 2015. En ella repasamos los principales de problemas de seguridad y olvidos en los sistemas puestos en producción: fingerprinting, configuraciones incompletas, cifrados insuficientes, aplicaciones de gestión por defecto en producción, kernel de *NIX etc.
Slides de mi charla en: V Navaja Negra & ConectaCON
Scapy es una herramienta y librería de generación de paquetes y tramas de red escrita en Python que nos permite especificar a muy bajo nivel qué y cómo es lo que queremos enviar.
Scapy tiene integrado la poca conocida librería "Automaton". Esta librería nos permite crear autómatas de estados finitos para sistemas de comunicaciones... No asustarse, que no es tan complicado :)
Las pilas de protocolos, como el conocido TCP/IP, están basadas en el comportamiento definido por un autómata finito. Estos autómatas se basan, habitualmente, en su estándares RFC (que definen gran parte de las comunicaciones de Internet) aunque cada sistema operativo lo implementa a su manera, pero siguiendo el estándar, claro.
En la charla SE PRESENTARÁ cómo simular una pila de protocolos de cualquier tipo y para que se vea lo sencillo que es. Además, se explicará cómo se puede usar esta técnica para realizar ataques de hacking, modificar tráfico de red al vuelo o implementar servicios que de otra forma sería tremendamente complejo.
Como EJEMPLO FINAL, se mostrará como modificar determinados bits que cumplan ciertas condiciones y como poder modificar parte del comportamiento del protocolo, para provocar reacciones inesperadas en el sistema atacado/auditado.
Documento usado para dar mi charla en el III Hack&Beers en Madrid. Temática:
Cómo funciona el fingerprinting, como ocultarse y cómo nos pueden vulnerar sino lo tenemos en cuenta.
Ejemplos prácticos con Linux y Wordpress
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/