After the Data Breach: Stolen Credentials | SBWebinars
Credentials don’t start out on the dark web - they end there.
When usernames and passwords are compromised in a data breach, the consequences extend far beyond the victim organization due to rampant password reuse. For this reason, NIST recently recommended that organizations check users’ credentials against a set of known compromised passwords. However, by patronizing dark web forums and paying for spilled credentials, enterprises indirectly support the criminal ecosystem. Furthermore, attackers often don’t publicly post stolen data until months or years after the breach, if at all. Is there a better way to follow NIST guidelines and protect users from account takeover?
Join Justin Richer, co-author of NIST Digital Identity Guidelines 800-63B, and Gautam Agarwal, Blackfish Product Manager, for a lively discussion on NIST’s password recommendations and how best to prevent account takeover fraud at your organization.
Agenda:
The Threat of Stolen Credentials
Reasoning Behind NIST’s Password Recommendations
Ways to Manage a Password “Breach Corpus”
How Blackfish Helps Organizations Follow NIST Guidelines
Enterprise password policies are often insufficient to protect against hackers. A recent analysis of nearly 100,000 passwords from a data breach showed that password cracking tools could discover many of the most common passwords within minutes using rainbow tables and dictionaries. While hashing provides some protection, hackers can bypass hashes to crack passwords. Organizations must implement stronger practices like salting hashes and enforcing minimum password strengths.
The document discusses targeted cyber attacks and the dangers they pose to organizations. It notes that many organizations wrongly assume they will not be targeted, but that all organizations have confidential information worth stealing. Successful targeted attacks can allow thieves to access and steal sensitive internal data. Examples given include industrial espionage, where documents were stolen by hacking a database server, and spying by hacking an ex-partner's online accounts. The results of cyber attacks can include financial losses and damage to credibility for victims.
The document discusses 5 SEO trends that will continue in 2017: 1) HTTPS becoming the standard as it provides encryption and security; 2) Unique content that provides value to users rather than just focusing on keywords; 3) Backlinks remaining important as they indicate trust and endorsements from other sites; 4) Managing online citations to ensure accurate business information across directories and maps; 5) Social media continuing to influence search rankings through engagement and shares.
This document outlines a presentation on finding cryptographic secrets using Google searches. It covers advanced Google search parameters and examples of hacking techniques. The presentation will discuss finding hashed passwords, secret keys, public keys, private keys, encrypted messages, and signed messages through Google searches. Automatic tools for searching are also mentioned, as well as countermeasures to prevent discovery of sensitive information.
Facebook recently came under fire for the discreet international roll-out of its photo facial recognition feature. This feature automatically identifies and suggests tags for individuals appearing in photos posted on Facebook. At first glance, this seemingly innocuous feature appears to quietly augment online social lives. At second glance, the rollout of this feature as a defaulted-to-on setting with no explicit user consent raises many privacy concerns. As a site with extensive power driven by the quantity, quality, and kind of data it collects, Facebook’s decision to step into the world of visual recognition of its users without formal user consent is a big no-no—or is it?
Join us for this month’s eBoost Consulting Brown Bag Lunch Webinar to explore this and other cases that raise internet privacy concerns. Learn the ins, outs, and nuances of internet privacy to determine where to draw the line on data collection and usage.
Cross-Site Request Forgery (CSRF) is a major web vulnerability that forces users to perform unintended actions on websites. It remains underreported due to the difficulty of detection. CSRF can be used to hijack user accounts, modify browser settings, and force purchases without user awareness or consent. While solutions like tokens exist, many websites remain vulnerable to CSRF attacks.
This document provides information about classes and programs offered by OASIS, an organization that provides educational opportunities for adults aged 50 and older, from January to April 2010. It includes a welcome message from the director, details about health and wellness, arts, humanities, physical activity, and technology classes. Special events are highlighted, as well as information about locations, registration procedures, fees, and ways to get involved with OASIS as a volunteer. The catalog offers over 100 classes, programs, and activities for older adults to learn, grow, and connect during the winter and spring months.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
Password and Account Management Strategies - April 2019 | Kimberley Dray
This document provides a summary of a presentation about password and account management strategies. It discusses the importance of using long passphrases instead of complex passwords. It also recommends using a password manager to generate and store unique passwords for each account. Additionally, it advocates for the use of multi-factor authentication whenever available to add an extra layer of security. The presentation highlights factors to consider regarding who has access, what devices are used, locations, and recommended regularly changing passphrases and monitoring accounts.
Credera is a full-service management and technology consulting firm that provides expert, objective advice to help solve complex business and technology challenges for clients ranging from Fortune 1000 companies to emerging industry leaders. The document discusses password security and cracking passwords, beginning with an overview of what makes a strong password and demonstrating how to crack a database of 1.5 million leaked usernames and passwords using various techniques like rainbow tables, common passwords, and GPU-based brute force attacks. It recommends using adaptive hashing algorithms like bcrypt for password security and references additional materials on password cracking tools and methods.
Credit card data theft is a common concern, but what about theft of your marketing data? This data is just as valuable to hackers and can be resold multiple times on the underground. Guard against potential security breaches by having a plan in place. Be prepared, not paranoid.
The document discusses ethical hacking and summarizes key points in 3 sentences:
Ethical hackers, also known as white hats, help improve security by identifying vulnerabilities in systems without malicious intent and work to fix them, while black hat hackers break into systems illegally; common hacking techniques include SQL injection, cross-site scripting, and using Google dorks to find sensitive information on public websites. The document outlines skills and jobs of ethical hackers, different types of hackers, and provides examples of common attacks like SQL injection and cross-site scripting.
This document is a summary of a webinar on cyber security and digital safety. It discusses various types of hackers, defines cyber crimes, and covers topics like social media security, mental health and cyber security, and how to protect websites from hacking. It provides scopes in the cyber security field and lists some dedicated cyber security companies in Nepal. The webinar aims to educate normal users on filing the cyber space safely.
Info Session on Cybersecurity & Cybersecurity Study Jams | GDSCCVR
In an era where digital threats are ever-evolving, understanding the fundamentals of cybersecurity is crucial.
Highlights of the Event:
💡 Google Cybersecurity Certification Scholarship.
🎭 Cloning and Phishing Demystified
🚨 Unravelling the Depths of Database Breaches
🛡️ Digital safety 101
🧼 Self-Check for Cyber Hygiene
⏺️ Event Details:
Date: 18th December 2023
Time: 6:00 PM to 7:00 PM
Venue: Online
How To Keep the Grinch From Ruining Your Cyber Monday | Michele Chubirka
Ready to avoid crowded stores and online scammers during the holidays? Join Michele Chubirka as she goes through:
-Tips for safe online shopping and securing your banking information
-Protecting yourself from internet scams, phishing and fraud
-Safeguard your personal information against identity theft
-How to use Anti-virus and other security software to keep your digital information safe.
Hacking involves modifying systems outside of their intended purpose. It is commonly done by teenagers and young adults using computers. Reasons for hacking include profit, protest, and challenge. Hacking can damage information, enable theft, compromise systems, and cost businesses millions per year. Hackers can be black hats who intend harm, white hats who perform security work, or gray hats who do both. Common attack types include DoS, password guessing, and man-in-the-middle. Hacking tools are widely available online, and passwords can be cracked using dictionary, brute force, and other attacks.
Learn about basic cybersecurity tips for protecting your computers, accounts and personal information. Topics include passwords and authentication, proactive defense against unwanted software and how to keep your devices current with security updates.
This document discusses emerging security challenges in an increasingly mobile, social, and cloud-based computing landscape. It notes that traditional perimeter-based security is ineffective as computing becomes more ubiquitous and decentralized. Mobile applications and social networks provide fertile ground for malware propagation. Cloud services mean data can take complex, indirect paths outside of a user's control. Passwords are often trivial to guess. Code from third parties and libraries may introduce vulnerabilities. A new security paradigm is needed to address these challenges, as permissions alone will not suffice. Users must think differently about security in this new environment.
This document discusses ethical hacking. It begins by defining hacking and distinguishing between black hat, white hat, and grey hat hackers. White hat hackers, also known as ethical hackers, hack systems with permission to identify vulnerabilities. The document outlines the different phases of ethical hacking including footprinting, scanning, enumeration, gaining access, and maintaining access. It provides examples of tools used in each phase and types of attacks like social engineering and SQL injection. The document emphasizes that for hacking to be ethical, hackers must have permission and respect privacy. It concludes by discussing how organizations can prevent hacking by closing vulnerabilities identified through ethical hacking activities.
The document discusses the importance of software security and best practices for achieving it. It defines security as protecting information and data from unauthorized access while allowing authorized access. Attacks aim to access services, modify or deny data without permission. Major e-commerce companies like Amazon attract hackers due to collecting user information for transactions, so they must implement strong security. The discussion emphasizes designing for security throughout the software development lifecycle, understanding threats, rigorous testing, and risk analysis.
This document provides best practices for online security and protecting personal information. It discusses the risks of sharing personal data online like passwords being cracked, social engineering, phishing emails, malware, and man-in-the-middle attacks. The document recommends using strong, unique passwords, two-factor authentication, privacy screens, firewalls, antivirus software, web filtering, encrypted backups, HTTPS browsing, and avoiding phishing. Following these practices can help better secure personal information in an increasingly connected digital world.
This document discusses cyber ethics and hacking. It begins with an introduction to why security is important and defines hacking. It then discusses different types of hackers like hackers, crackers, phreaks, and script kiddies. The document outlines strategies for ethical hackers and malicious hackers. It also discusses the importance of vulnerability research and provides conclusions about security.
The life of breached data and the attack lifecycle | Jarrod Overson
OWASP RTP Presentation on Data breaches, credential spills, the lifespan of data, credential stuffing, the attack lifecycle, and what you can do to protect yourself or your users.
Source Code and Admin Password Shared on Public Site by Developer | Digital Shadows
An IT manager discovered their company's source code and administrator credentials had been shared on a public site by a developer. This information had also been copied to a malicious site, potentially allowing attackers access to internal systems. The company used Digital Shadows SearchLight to detect this inadvertent data exposure on GitHub. Analysts verified the alert, provided context and recommendations to help the company quickly remove the content and address processes to prevent future exposures.
This document discusses password managers and their adoption. It begins by outlining the need for secure authentication as online transactions and data sharing increases. While passwords are theoretically secure, users often choose weak passwords and reuse them across accounts. This exposes them to risk if one password is compromised.
The document then describes three types of password managers: browser-based, which are convenient but less secure; desktop-based, which require opening a separate program but offer stronger security; and mobile apps, which provide security and usability on any device. It argues password managers can help users meet best practices for unique, strong passwords without memorization burden, improving security overall.
An Introduction To IT Security And Privacy In Libraries & Anywhere | Blake Carver
An hour-long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an IP address. IoT (Internet of Things), browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library. There's a focus on practical ways to secure yourself, browsers and other things. Also some discussion on privacy.
Password Cracking is a technique to gain the access to an organisation.
In this slide, I will tell you the possible ways of cracking and do a live example for Gmail Password Cracking.
This document discusses techniques for hiding malicious software and command and control traffic in plain sight. It describes designing a RAT that uses encryption and queries web pages for commands. It also discusses mimicking normal user behavior by monitoring traffic rates and target URLs. Additional hiding techniques explored include using alternate data streams, least significant bit encoding in images, and abusing network protocols. The document emphasizes that behavior monitoring must be part of security strategies to detect such concealed threats.
This document summarizes a presentation about password attacks from 2013. It describes several major password breaches that year, including Adobe (153 million accounts breached), Twitter (250,000 accounts breached), and others. It also discusses different types of password attacks like dictionary attacks, brute force attacks, and mask attacks. The document provides examples of these attacks in action and strategies to help strengthen passwords.
This is a quick experiment in messing with the .NET framework for the purpose of showing potential attacks if someone gets root on a machine.
Presented at CodeMash, January 8, 2014
This is a quick overview of my initial delving into SDR from a pen testing perspective. It is admittedly very basic and introductory - I hope to expand the talk quite a bit over the coming months.
Presented at CodeMash, January 8, 2014
This talk focuses on various ways to attempt to be as much like normal users/behavior/traffic as possible. We also demonstrate the limitations of signature-based detection systems and then discuss a prototype Remote Access Tool (RAT) that is designed to blend in with normal activity.
Presented at CodeMash, January 8, 2014
The document describes an anatomy of a buffer overflow attack. It begins with disclaimers about the legal and ethical responsibilities when discussing exploits. It then provides an overview of the scenario which involves exploiting a vulnerability in a Windows FTP server to obtain a reverse shell. It defines relevant terminology like buffers, fuzzing, shellcode and bind/reverse shells. It also provides examples of assembly shellcode and encoded shellcode. Finally, it outlines the process of identifying the vulnerability, designing an exploit through fuzzing and overwriting registers, and obtaining a shell through the exploit.
DevLink - WiFu: You think your wireless is secure? | Rob Gillen
1. So, What’s in a Password?
Rob Gillen
@argodev
This work is licensed under a Creative Commons Attribution 3.0 License.
2. Don’t Be Stupid
The following presentation describes real
attacks on real systems. Please note that
most of the attacks described would be
considered ILLEGAL if attempted on
machines that you do not have explicit
permission to test and attack. I assume no
responsibility for any actions you perform
based on the content of this presentation
or subsequent conversations.
Please remember this basic guideline: With
knowledge comes responsibility.
3. Disclaimer
The content of this presentation
represents my personal views and
thoughts at the present time. This
content is not endorsed by, or
representative in any way of my
employer nor is it intended to be a
view into my work or a reflection on
the type of work that I or my group
performs. It is simply a hobby and
personal interest and should be
considered as such.
5. Pixel Federation
In December 2013, a breach of the web-based game community based in Slovakia
exposed over 38,000 accounts which were
promptly posted online. The breach
included email addresses and unsalted
MD5 hashed passwords, many of which
were easily converted back to plain
text.
http://haveibeenpwned.com/
6. Vodafone
In November 2013, Vodafone in Iceland
suffered an attack attributed to the
Turkish hacker collective "Maxn3y". The
data was consequently publicly exposed
and included user names, email
addresses, social security numbers, SMS
messages, server logs and passwords from
a variety of different internal
sources.
http://haveibeenpwned.com/
7. Adobe
The big one. In October 2013, 153
million accounts were breached with
each containing an internal ID,
username, email, encrypted password and
a password hint in plain text. The
password cryptography was poorly done
and many were quickly resolved back to
plain text. The unencrypted hints also
disclosed much about the passwords
adding further to the risk that
hundreds of millions of Adobe customers
already faced.
http://haveibeenpwned.com/
8. Twitter
February 2013 - This week, we detected
unusual access patterns that led to us
identifying unauthorized access attempts
to Twitter user data. We discovered one
live attack and were able to shut it down
in process moments later. However, our
investigation has thus far indicated that
the attackers may have had access to
limited user information – usernames,
email addresses, session tokens and
encrypted/salted versions of passwords –
for approximately 250,000 users.
https://blog.twitter.com/2013/keeping-our-users-secure
18. How do they work?
• Known file-format/implementation
weakness
• Header data to indicate encryption
• Type, keylength, etc.
• Often some small portion to
decrypt/validate
• How is it that changing encryption
keys is fast?
• Your key encrypts “real” key
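The header layout and the "your key encrypts the real key" point, as an added example that is not from the original deck. The field names, the scrypt parameters and the XOR wrap (a stand-in for a real key-wrap cipher such as AES key wrap, which the Python standard library does not provide) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # bytes of the random "real" key that encrypts the file contents


def _derive(password: str, salt: bytes) -> bytes:
    """Stretch the password into 64 bytes: 32 to wrap the key, 32 to MAC it."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=2 * KEY_LEN)


def wrap_key(data_key: bytes, password: str) -> dict:
    """Build the header: type and key length, salt, wrapped key, validation value."""
    salt = os.urandom(16)  # fresh salt per wrap, so the wrapping bytes never repeat
    material = _derive(password, salt)
    # XOR stands in for a real key-wrap cipher (assumption, see lead-in).
    wrapped = bytes(a ^ b for a, b in zip(data_key, material[:KEY_LEN]))
    # The "small portion to validate": tells a right password from a wrong one.
    check = hmac.new(material[KEY_LEN:], wrapped, hashlib.sha256).digest()
    return {"kdf": "scrypt", "keylen": KEY_LEN, "salt": salt,
            "wrapped": wrapped, "check": check}


def unwrap_key(header: dict, password: str):
    """Return the data key, or None when the password does not validate."""
    material = _derive(password, header["salt"])
    expected = hmac.new(material[KEY_LEN:], header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["check"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], material[:KEY_LEN]))


def change_password(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same data key; the bulk data is never re-encrypted."""
    data_key = unwrap_key(header, old)
    if data_key is None:
        raise ValueError("old password does not open this header")
    return wrap_key(data_key, new)


if __name__ == "__main__":
    real_key = os.urandom(KEY_LEN)
    header = wrap_key(real_key, "old passphrase")       # constructed sample values
    header = change_password(header, "old passphrase", "new passphrase")
    print("data key unchanged:", unwrap_key(header, "new passphrase") == real_key)
```

Because the validation value sits in the header, every guess can be checked offline against the header alone, so the cost of the key-derivation step is what bounds the guessing rate.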
20. Password Guessing
char string1[maxPassLength + 1];
char alphanum[63] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789";
for length = 0 .. maxPassLength
  for each char in alphanum…
21. Slightly Better…
int min = 8;
int max = 12;
char[] valid =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789";
# known rules
# first & last must be char
# no consecutive-ordered chars/nums
# no repeated chars/nums
23. Image courtesy of xkcd.com (http://imgs.xkcd.com/comics/password_strength.png)
24. (more) Intelligent Password Guessing
• What do people usually use?
• What can we do to reduce the set of
possibilities?
• Cull terms/domain knowledge from
relevant data
• Dating sites, religious sites, others
Best: Already used/real-world passwords
25. Determine your goals
• Cracking a single, specific pwd?
• Cracking a large % of an “acquired
set”?
26. • Mark Burnett, author of Perfect Passwords
• List of 6,000,000, culled down to 10,000
most frequently used
• Top 10,000 passwords are used by 98.8% of all users
• 2,342,603 (that’s 99.6%) unique passwords remaining
that are in use by only .18% of users!
https://xato.net/passwords/more-top-worst-passwords/
34. Levenshtein Edit Distance
• Minimum number of
changes required to
change one string into
another
• Measure distance b/t
actual words and cracked
list to optimize the
word mangling rules
• i.e. XX% of words can be
achieved with Levenshtein
edit distance of <=2
• Only gen rules that match
http://www.let.rug.nl/~kleiweg/lev/
http://www.kurzhals.info/static/samples/levenshtein_distance/
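The same distance measure serves a password policy: reject a new password that sits within edit distance 2 of a known-common one, and report what share of a set falls inside that radius. This is an added example, not from the original deck; the blocklist and candidate passwords are constructed samples and the function names are hypothetical.

```python
# Constructed sample blocklist; a real deployment would load a much larger
# list of common or breached passwords.
BLOCKLIST = ["password", "123456", "monkey", "qwerty", "letmein", "dragon"]


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character inserts, deletes or substitutions."""
    if len(a) < len(b):
        a, b = b, a                      # keep the inner row as short as possible
    prev = list(range(len(b) + 1))       # distances from "" to each prefix of b
    for i, ca in enumerate(a, 1):
        cur = [i]                        # distance from a[:i] to ""
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]


def nearest_blocked(candidate: str, blocklist=BLOCKLIST, max_distance: int = 2):
    """Return (blocked_word, distance) if the candidate is a near miss, else None."""
    needle = candidate.lower()           # case changes count as free mangling
    best = min(((levenshtein(needle, w), w) for w in blocklist), default=None)
    if best is None or best[0] > max_distance:
        return None
    return best[1], best[0]


def coverage(passwords, blocklist=BLOCKLIST, max_distance: int = 2) -> float:
    """Fraction of passwords within max_distance of some blocklist entry."""
    if not passwords:
        return 0.0
    hits = sum(1 for p in passwords
               if nearest_blocked(p, blocklist, max_distance) is not None)
    return hits / len(passwords)


if __name__ == "__main__":
    # Constructed candidate passwords for the demonstration.
    proposed = ["Monkey1!", "m0nkey", "P@ssw0rd", "correct horse battery staple"]
    for p in proposed:
        print(f"{p!r:32} -> {nearest_blocked(p)}")
    print(f"within distance 2 of the blocklist: {coverage(proposed):.0%}")
```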
35. What if I don’t have your Password?
• Pass the Hash
• Demo
• But We use Smart Cards!?
36. Avoidance Techniques
• Don’t use “monkey”
• Don’t reuse “monkey”
• If you must use monkey, require
something else as well
• Salt is good
• Your own salt is better
• Utilize memory-hard algorithms
• Utilize multiple iterations (a lot)
• Your username is half of the equation
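The storage-side items on this slide (salt, a memory-hard algorithm, many iterations) set beside the unsalted MD5 described on the Pixel Federation slide, as an added example that is not from the original deck. The scrypt cost parameters, the record layout and the sample users are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for this example; n is the CPU/memory cost and
# should be raised as far as the login latency budget allows.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024


def md5_unsalted(password: str) -> str:
    """Weak scheme: the same password gives the same hash for every user."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()


def hash_password(username: str, password: str) -> dict:
    """Store a per-user random salt and a memory-hard scrypt digest."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                            r=SCRYPT_R, p=SCRYPT_P, maxmem=MAXMEM, dklen=32)
    # Parameters are stored with the record so they can be raised later
    # without breaking existing accounts.
    return {"user": username, "salt": salt.hex(), "n": SCRYPT_N,
            "r": SCRYPT_R, "p": SCRYPT_P, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    digest = hashlib.scrypt(password.encode(),
                            salt=bytes.fromhex(record["salt"]),
                            n=record["n"], r=record["r"], p=record["p"],
                            maxmem=MAXMEM, dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def shared_hashes(hashes) -> int:
    """Count entries whose hash also appears on another account."""
    return sum(1 for h in hashes if hashes.count(h) > 1)


if __name__ == "__main__":
    # Constructed sample: two users who both chose "monkey".
    users = [("alice", "monkey"), ("bob", "monkey"), ("carol", "Tr0ub4dor&3")]
    weak = [md5_unsalted(pw) for _, pw in users]
    strong = [hash_password(u, pw) for u, pw in users]
    print("unsalted MD5, accounts sharing a hash:", shared_hashes(weak))
    print("salted scrypt, accounts sharing a hash:",
          shared_hashes([r["hash"] for r in strong]))
    print("verify alice:", verify_password("monkey", strong[0]))
```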