The document discusses security issues related to social networking sites. It provides examples of common social networking attacks like phishing, worms, and clickjacking on sites like Facebook and Twitter. It also discusses techniques that bad actors use to gather personal information from social networks and how users can better protect their privacy and secure their accounts. The document is presented as a conference paper on social networking security issues.
Emerging Trends in Online Social Networks Malware - Aditya K Sood
Emerging trends in Social Networks Malware.
Social networks, such as Facebook, Twitter, and others pose a grave threat to the security and privacy of users. This presentation highlights malware infection strategies used by attackers to infect social networking websites and addresses security from the user perspective, outlining effective, secure steps that can reduce the impact of malware infections.
This 2 hour presentation provides an overview of Internet Security. The first part addresses current threats such as viruses, Trojans, backdoors, botnets and more. The second part talks about how to protect yourself from these threats by changing the way you surf the ‘Net and by understanding your software and hardware options.
Invincea "The New Threat Vector" - dogallama
The document discusses the proliferation of web malware and how current defenses are insufficient. It notes that web malware infections increased 225% in the second half of 2009, exploiting vulnerabilities in browsers and plugins. Traditional solutions like antivirus, firewalls, and web gateways are reactive and cannot keep up with the rapidly evolving threats. The document calls for a new proactive approach to effectively protect against advanced persistent threats, zero-day attacks, and other menaces that traditional solutions fail to prevent.
This document discusses the importance of social media monitoring for businesses. It notes that as social networking has become more important for business, the risks have also increased. It is no longer possible for businesses to ignore social media. The document outlines some of the major social media platforms like Facebook, YouTube, blogs and others and highlights how they can both help and hurt brands depending on how the brands are represented and discussed. It emphasizes that brands need to monitor their online presence across various social media sites to protect their reputation and ensure their message is consistent.
This document discusses various types of web spam and cheating techniques used by spammers, including link spam, content spam, spam blogs, comment/forum spam, cloaking, click fraud, and tagging. It notes the adversarial relationship between spammers and search engines, as spammer gains reduce search engine precision. Detection of such spam is important but difficult due to the many evolving forms that spam can take.
This document summarizes reports from visits to organizations in Cambodia working on poverty alleviation and social enterprise. It discusses:
1) CEDAC, which supports farmers through marketing assistance and higher prices. It works with over 3,000 farmers and benefits 25,000 households. Challenges include group organization and capital.
2) KAMONOHASHI's community factory model, which employs very low income individuals and conducts research on empowerment. It faces challenges with quality management and marketing.
3) Two conferences that discussed iDE Cambodia's sanitation marketing program that sold over 22,000 toilets, and Impact Investment Exchange Asia, a platform to increase funding for social enterprises.
Original PowerPoint retrieved from http://www.mrsshirley.net/powerpoint/realidades/grammar/real1grammar/real1grammar.htm. Educational use granted if credit is given to the author.
Guide to the management of medicine use - MANUEL RIVERA
This document presents proposed indicators and a satisfaction survey for evaluating the rational use of medicines in Chile. It includes indicators for measuring the management, coverage, costs and quality of pharmaceutical services. It also proposes a survey to measure patient satisfaction with outpatient pharmacy services in public health centres. The objective is to continuously monitor and improve medicine systems at the public and private level.
The document discusses an agenda for an IoT event that includes topics on where to start with IoT, IoT security, and an IoT practical demonstration. It also provides an overview of IoT, describing it as the connectivity of devices that can collect and analyze data. It recommends starting with sensors for low-volume needs and scaling up to more powerful devices as requirements increase. Finally, it promotes Windows 10 and Azure IoT Hub as platforms for connecting, monitoring, and controlling IoT assets.
TDR - regional leader - innovation as the foundation of growth - business results - TDR d.o.o Rovinj
Presentation of business results for 2013, 27 September 2014 in Rovinj
For more information see http://www.tdr.hr/novosti_press/novosti/objava_290914.html
The document discusses several album cover designs and evaluates their suitability for inspiration for designing a cover for the band "Fire Drive Tiger". Key points:
- The document analyzes 9 different album covers, commenting on colors, images, layouts, and how well they represent the music genre.
- Covers noted as potentially inspiring include ones with fiery colors, cut-out cartoon-like images of band members, and borders.
- The goal is to create a cover that is artistic, cartoon-like, fun yet rock-and-roll style, to represent Fire Drive Tiger's music.
- The covers of The Ting Tings, Rihanna, and Blur are identified as most inspiring
The document discusses test cases and scenarios for software quality assurance testing. It provides examples of test case structure, including sections for information, activity, results, and an example test case for validating error messages from invalid input values. It also provides an exercise to create test cases for solving a quadratic equation.
Morimoto Context Switching For Fast Key Selection In Text Entry Applications - Kalle
This paper presents context switching as an alternative to selection by dwell time. The technique trades screen space for comfort and speed. By replicating the interface on two separate regions called contexts, the user can comfortably explore the whole content of a context without the effects of the Midas touch problem. Focus within a context is set by a short dwell time and fast selection is done by switching contexts. We present experimental results for a text entry application with 7 participants that show significant speed improvement over traditional fixed dwell time gaze controlled keyboards. After 8 sessions, 6 participants were able to type about 12 words per minute (wpm), and the fastest participant was able to type above 20 wpm with error rate under 2%.
This document provides a list of Spanish vocabulary related to the physical description of people, bodily sensations, food, and service in a restaurant. It includes words for describing hair, height, and the appearance of men, women and young people, as well as terms for ordering food and drink and for interacting with waiters.
The document is very brief, consisting of just one word repeated twice. One can infer that the topic concerns something that is natural or occurs naturally, but no further information is provided that would allow a more detailed summary.
XNA coding series.
Exercise 1:
Hello World in XNA.
Exercise 2:
Draw 2d image.
Exercise 3:
Using Keyboard and Mouse in a PC game.
Exercise 4:
Creating a Menu system in a PC game.
Exercise 5:
Play MP3 in XNA.
Mc Lendon Using Eye Tracking To Investigate Important Cues For Representative... - Kalle
We present an experiment designed to reveal some of the key features necessary for conveying creature motion. Humans can reliably identify animals shown in minimal form using Point Light Display (PLD) representations, but it is unclear what information they use when doing so. The ultimate goal for this research is to find recognizable traits that may be communicated to the viewer through motion, such as size and attitude, and then to use that information to develop a new way of creating and managing animation and animation controls. The aim of this study was to investigate whether viewers use similar visual information when asked to identify or describe animal motion PLDs and full representations. Participants were shown 20 videos of 10 animals, first as PLD and then in full resolution. After each video, participants were asked to select descriptive traits and to identify the animal represented. Species identification results were better than chance for six of the 10 animals when shown PLD. Results from the eye tracking show that participants' gaze was consistently drawn to similar regions when viewing the PLD as the full representation.
Sheehy emergency nursing manual - MANUEL RIVERA
This document presents the Spanish-language edition of the emergency care manual Sheehy's Manual of Emergency Care. It includes copyright information, the legal notice on reproduction, and the list of contributors who helped translate and review the manual.
This document summarizes advanced social network and mobile attacks. It discusses threats like malware spam, drive-by downloads, malicious applications, and session hijacking on social networks. It also outlines threats to mobile devices, including vulnerabilities in mobile web browsers, content provider leaks on Android, and zero-day attacks using Google Latitude. Examples are provided of spyware targeting BlackBerry and iPhone users.
This document presents a manual on pharmacotherapy aimed at nurses, with the aim of providing up-to-date information on the subject in a practical and understandable way. The manual describes the nursing process and how it applies to the administration of medicines, including the phases of assessment, diagnosis, planning, implementation and evaluation. It explains that the manual approaches pharmacology content from the nurse's perspective and follows an integrative approach and
A brief overview of the open source technologies available for building social applications on top of social containers such as YAP, iGoogle, Orkut, MySpace, etc.
Leveraging Social Media to Increase Brand Awareness and Drive Leads - ncarrier
I presented this pitch at the Portal Excellence Conference in Chicago - July 19, 2010 along with Brian Cheng. The abstract is as follows:
Although anyone can set up a Twitter account, create a Facebook fan page, or start a new YouTube channel in a matter of minutes, it takes significantly more effort to maintain and refresh the content on these sites. Even more effort must be invested to ensure the sites are consistent with your organization's brand and key messages. How do you know if the time invested in social media is worth the effort? In this session, we will discuss the various ways to leverage social media to positively impact your business. We will start by describing the benefits of social media done right and the challenges of social media efforts gone astray. Next, we will both discuss and demonstrate the benefits of syndicating content, which reduces costs while maintaining brand consistency. We will also describe and show some of the key metrics you should track in order to understand the ROI of your social media efforts, as well as the various analytics tools required for this task. Finally, we will cover some tips on how to deal with potential issues as you embark on your social media strategy.
OpenID UX Summit - Lessons Learned from RPX - guest8f42667
The document discusses lessons learned and best practices for OpenID relying parties. It recommends simplifying login/registration flows and engaging users quickly. OpenID allows users to easily move between sites without re-entering profile information or creating new passwords. The interface design is important, and immediate login modes and combining login/registration into a single flow improve the user experience. Profile data and verified emails can also be transported via OpenID to reduce form filling.
Workshop Mesh up Presentation of the Alumni Portal Deutschland in Jakarta. Almost all slides originate from Slideshare.com. Please see the last chart for links to the presentations I used. Anybody should read the original documents to get the whole story. Thanks to all the brilliant people out there, who published their presentations on slideshare.com.
In this webinar, Carmine Porco, GM and VP of Client Deliverables at Prescient, walks through several social media tools, explaining their pros and cons, their benefits to an organization, and the ideal intranet environment to support them.
View the webinar video here: http://bit.ly/cawgmh
The document discusses opportunities and threats related to social networks. It notes that 70% of web users visit social networks, with major platforms like Facebook, MySpace, Twitter, and LinkedIn having hundreds of millions of users each. However, it also outlines privacy and security risks like identity theft, malware propagation, and corporate data leakage that social networks can enable if not used carefully. The document provides an overview of these risks and threats as well as recommendations for safe social network usage.
The document discusses insecure trends in web 2.0 applications, noting that while usability and simplicity are important, security ("keep it simple, stupid, and secure") has been overlooked. Several specific insecure practices are outlined, such as not requiring current passwords when changing them, excessive personal information sharing online, weak password policies, and overuse of external components, APIs, and widgets. The document argues these issues stem from a lack of security best practices and prioritization of speed and money over security in web 2.0 development.
The document discusses emerging technologies for learning including distributed cloud computing, smart mobile technology, collaborative intelligent filtering, 3D visualization, and learner analytics. It argues that these technologies will transform learning by taking classrooms into the real world through ubiquitous connectivity between personal devices, augmented reality, and connecting existing data for new uses through an extended semantic web. The future of learning is predicted to involve mobile and ambient learning, augmented reality, games-based learning, gesture computing and more intelligent connections between information, people and devices.
1. Cyber threats continue to evolve and take new forms, with traditional anti-virus approaches no longer sufficient against modern threats. New malicious programs are being created faster than legitimate software.
2. Social engineering and phishing attacks targeting individual users directly will increase in popularity and become a primary attack vector in 2010.
3. As new platforms like Windows 7 and smartphones gain popularity, attackers will develop new exploits targeting these systems, and malware affecting Macs and mobile devices will rise.
This document discusses cybercrime trends in India. It notes that India's growing internet population makes it an attractive target for cybercriminals. Malware authors are targeting India more by localizing attacks and leveraging popular search terms and news events. India contributes about 8% of global DDoS attacks and is a major source of spam. The document warns that financial motivation is the primary driver of malware now and threats are becoming more sophisticated. It emphasizes the need for improved user awareness and education to address India's cybersecurity challenges.
Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009 - ClubHack
This document discusses cybercrime trends in India. It notes that India's growing internet population makes it an attractive target for cybercriminals. Malware authors are targeting India more by localizing attacks and leveraging popular search terms and news events. India contributes about 8% of global DDoS attacks and is a major source of spam. The document warns that financial motivation is the primary driver of malware now and threats are becoming more sophisticated. It calls for improved user awareness and education to address the growing malware problem.
Web Application Social Engineering Vulnerabilities - mvcooley
In this presentation from Triangle Infosecon 2011, we discuss common web application vulnerabilities which could be leveraged for social engineering attacks.
How To Protect Your Website From Bot Attacks is a one-hour continuing education course. After successfully completing the course and final exam, you will be awarded a certificate of completion that you can use towards fulfilling your continuing education requirements.
This document discusses key aspects of Web 2.0 including interpersonal computing, web services, and software as a service (SaaS). Examples of Web 2.0 include wikis, blogs, social networking sites, and viral videos. The core principles involve improved interconnections between resources and harnessing collective intelligence. However, threats exist such as viruses spread through social media sites, and protection through antivirus software and safe online practices is important.
This document outlines an agenda for a Barcamp event on anonymity on the internet. The agenda includes introductions on anonymity and the group Anonymous, how to browse anonymously using techniques like private browsing modes, proxy servers and the Tor network, and how to potentially trace user identities online. It concludes with references for further information and a demo comparing browsing with and without Tor anonymity software.
This document outlines an agenda for a Barcamp event on anonymity on the internet. The agenda includes introductions on anonymity and the group Anonymous, how to browse anonymously using tools like Tor and private browsing, and how user identities can be traced online. It concludes with references and a demo comparing browsing with and without Tor anonymity software.
This document discusses various topics related to social media, digital networks, and online collaboration tools. It provides information on social networks, changes in technology and media formats, cultural movements enabled by technology, implications of user-generated content, and various online platforms like YouTube, Vimeo, Facebook, Twitter, and others. It also mentions concepts like open source software, APIs, Creative Commons, and discusses tools for video sharing, live streaming, social bookmarking, blogging, and more.
This document discusses identity theft and provides an overview of protection methods. It begins by defining identity theft as the compromise and fraudulent use of personal data like date of birth, social security number, financial information, and contact details. It then evaluates criminal methodologies such as hacking, malware, keyloggers, and phishing scams that thieves use. Finally, it considers protective solutions like firewalls, antivirus software, endpoint security, and using cloud services to secure systems and monitor unauthorized data transfers.
This is a PPT on SOCIAL MEDIA THREATS AND THEIR PREVENTION. This is helpful for learning. Thanks.
Social media offers an outlet for people to connect and share life experiences, pictures and video. But too much sharing, or a lack of attention to impostors, can lead to a compromise of business and personal accounts.
Attackers often use social media accounts during the reconnaissance phase of a social engineering or phishing attack. Social media can give attackers a platform to impersonate trusted people and brands, or the information they need to carry out additional attacks, including social engineering and phishing.
Similar to Social Networking Security Workshop (20)
This document outlines various mobile application security vulnerabilities and methods for assessing mobile application security. It discusses insecure network protocols, cryptographic weaknesses, privacy issues related to data storage, authentication and session management vulnerabilities, environmental interaction risks, and challenges of securing mobile applications against reverse engineering. It provides examples of specific vulnerabilities discovered in mobile applications and frameworks. The document promotes applying a defense-in-depth approach to mobile application security based on the OWASP Mobile Application Security Verification Standard (MASVS).
This document discusses a project called CARzyPire that involves using a Raspberry Pi Zero W, Crazyradio PA, and PowerShell Empire installed on a remote-controlled car to conduct penetration testing. It provides instructions on setting up the necessary hardware and software, including customizing a PowerShell Empire payload to bypass Windows Defender and creating a Duckyscript to deliver the payload. The payload would then be delivered to targets using the remote-controlled car and Crazyradio PA's ability to hijack wireless keyboards and mice. Control of any successful implants would be maintained using PowerShell Empire's web interface.
The document discusses various techniques for exploiting web applications, beginning with older techniques like exploiting default admin paths, uploading web shells, and SQL injection, and progressing to more modern attacks against content management systems and frameworks. It provides examples of each technique and emphasizes exploiting vulnerabilities like file inclusion and stored procedures to achieve remote code execution. The instructor profile indicates extensive security experience and certifications. The organization Secure D Center is introduced as focusing on cybersecurity services across Southeast Asia.
The session covers the risks of insecure mobile application development across three areas, with demonstrations: client side, communication channel and server side. The presentation includes case studies of insecure development practices that let an attacker abuse the vulnerable application (e.g. coin/gem cheating in a gaming app, bypassing security controls on the client side and server side).
The document discusses the Mobile Application Security Verification Standard (MASVS) project from OWASP. It provides an overview of the MASVS levels and describes the eight verification requirements areas: 1) Architecture, Design and Threat Modeling; 2) Data Storage and Privacy; 3) Cryptography; 4) Authentication and Session Management; 5) Network Communication; 6) Platform Interaction; 7) Code Quality and Build Setting; and 8) Resilience. Each verification requirement area includes example requirements and references related information. The goal of MASVS is to provide a standard way to verify the security of mobile apps and help developers build more secure apps.
Outline: TL;DR; Motivation; Dynamic binary instrumentation; FRIDA; DBI without rooting / jailbreaking; Unleash the power of Frida; Case study for runtime exploitation; Countermeasure; References.
The document discusses the WannaCry ransomware attack of May 2017. It begins with an overview of ransomware, including what it is, how it spreads, and examples like CryptoLocker and WannaCry. It then details the global WannaCry attack, how it exploited the EternalBlue vulnerability to encrypt files and demand ransom payments in Bitcoin. Key lessons are around patching systems promptly, having backups, and following best practices to prevent ransomware infection and limit damage. The timeline shows the lead up to WannaCry, from the Shadow Brokers leak of NSA tools to Microsoft releasing an emergency patch once the attacks began.
The document summarizes the key findings of a report analyzing 126 popular mobile health and finance apps. It found that while consumers and executives believe their apps are secure, 90% of apps tested had at least two of the top 10 mobile security risks as defined by OWASP. Specifically, 98% lacked binary protections and 83% had insufficient transport layer protection. The document then outlines the 10 most critical mobile security risks according to OWASP, including improper platform usage, insecure data storage, insecure communication, and extraneous functionality.
Prathan Phongthiproek, a manager at KPMG Thailand, gave a presentation on mobile application attacks at the Cyber Defense Initiative Conference (CDIC) 2016. The presentation covered various attack vectors for both Android and iOS applications, including user input attacks, abusing application components, insecure data storage, manipulating binary and storage files, bypassing root/jailbreak detection, and intercepting network traffic. For each attack vector, the presentation estimated the potential damage level and threat level. The goal was to help organizations better understand mobile application security risks and implement proper countermeasures.
The document discusses the benefits of exercise for mental health. It states that regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against developing mental illness and improve symptoms for those who already suffer from conditions like anxiety and depression.
The document discusses vulnerabilities in point-of-sale (POS) systems, including data in memory, data at rest, data in transit, and application code/configuration vulnerabilities. It describes different POS deployment models and their pros and cons in terms of security. A case study examines physical and network security issues found during a pentest of a retail store's POS system, including sensitive data exposure over the network. Recommended protections include minimizing data exposure, encryption of data in memory, in transit, and at rest, and avoiding storage of sensitive data.
This document discusses penetration testing methodologies and best practices. It emphasizes that penetration testing involves more than just tools - it requires following a proper methodology, managing risks, and providing targeted recommendations to clients. It provides examples of penetration testing case studies and highlights the importance of going beyond automated scans to conduct manual testing of authentication, authorization, business logic, and client-side vulnerabilities. The document stresses that penetration testers should think creatively and "outside the box" to identify security issues rather than just trusting scan results.
The document discusses security issues related to mobile applications. It describes how mobile apps now offer many more services than basic phone calls and texts. This expanded functionality introduces new attack surfaces, including the client software on the device, the communication channel between the app and server, and server-side infrastructure. Some common vulnerabilities discussed are insecure data storage on the device, weaknesses in data encryption, SQL injection, and insecure transmission of sensitive data like credentials over the network. The document also provides examples of techniques for analyzing app security like reverse engineering the app code and using a proxy like Burp Suite to intercept network traffic.
The document discusses common web application vulnerabilities like SQL injection, cross-site scripting (XSS), file inclusion, and remote code execution. It provides examples of each vulnerability type and how they can be exploited. Methods for detecting and preventing these vulnerabilities are also covered, including input validation, output encoding, limiting dangerous functions, and using tools like RIPS scanner to detect vulnerabilities.
The document summarizes a presentation on advanced mobile penetration testing. It discusses attacking three surfaces: the client software on mobile devices, the communications channel, and server-side infrastructure. It provides examples of exploiting iOS and Android applications, such as decompiling code, intercepting traffic with proxies, and accessing embedded data and databases. The presentation emphasizes fast, hands-on techniques and tools for assessing mobile application security.
This document introduces Web Application Firewall (WAF) and discusses techniques for bypassing WAF protections, including SQL injection, cross-site scripting, file inclusion, HTTP parameter contamination, and HTTP pollution attacks. It provides examples of bypassing specific WAF vendors and open source WAFs like ModSecurity and PHPIDS. While WAFs can block some attacks, the document argues they cannot eliminate all vulnerabilities and proper secure coding is still needed. It concludes that WAFs may succeed or fail depending on configurations and imaginative attacks.
The document discusses security and privacy challenges in the digital age, focusing on client-side or "layer 8" hacking techniques that target human vulnerabilities. It describes how hackers gather information on targets from social media, documents, and email to craft spear phishing attacks. The document also outlines automated exploitation techniques using known vulnerabilities in browsers, plugins and applications, demonstrating how hackers can easily compromise systems without any user interaction. It emphasizes the importance of user awareness training, security policies, and sanitizing public documents and files to reduce the risks of these client-side attacks.
The document discusses security challenges posed by modern malware and web-based attacks. It provides examples of next-generation malware that bypass antivirus detection using techniques like embedding malicious code in Office documents or PDF files. It also discusses how web-based malware has evolved from defacements and DDoS tools to more advanced drive-by download attacks using exploit kits. The document aims to demonstrate malware analysis techniques and how to detect web server backdoors through tools and manual source code reviews. It concludes with a challenge to practice security skills safely.
This document provides an overview of mobile phone forensic analysis, focusing on analysis of the iPhone. It discusses jailbreaking iPhones to allow forensic acquisition and analysis of file systems. It also discusses analyzing iTunes backup files from iPhones, which can contain data like call history, SMS messages, photos and more. Tools are presented for extracting and analyzing data from both jailbroken iPhones and iTunes backup files. The document emphasizes the importance of forensic soundness when acquiring data from mobile devices.
9. ACIS Professional Center
Koobface Attack Step: 2
A website prepared by the hacker to lure the victim into installing Adobe Flash Player
www.acisonline.net/snscon2010
10. ACIS Professional Center
Koobface Attack Step: 3
Example of the message sent out to other members after the victim is infected with the Koobface worm
See The Others in “Social Networking Security Live Show”
11. Social Networking Security Conference 2010
Short descriptions of Gen-Y: pop culture, own all gadgets, working with PC, Eminem/Britney fans, Harry Potter series, social networking.
12. Gen-Y Behaviors
Continually connected
Speak their own language
Skeptical of authority
Influenced by peers
Seek recognition and fame
Enjoy absurdity and off humor
Embrace subcultures
Skim text and information quickly
Easily bored
Expressive and digitally creative
13. Social Networking Security Conference 2010
Chart: percentage of staff using their PC for personal reasons (y-axis: percentage, 0 to 90; categories: Email, Websites, Banking/Personal Finance, Social Networking).
14. Social Networking Security Conference 2010
How does Gen Y bypass enterprise controls to visit social networking sites?
Gen Y Hack Tools
See Full Version in “Social Networking Security Live Show”
16. Social Networking Security Conference 2010
What is "Good Sites Gone Bad"?
The web’s greatest accomplishments have become its biggest threats. Compromised sites, user-generated content and social networks challenge traditional domain-based trust mechanisms.
The growth of the web has outpaced traditional URL filters.
Web applications bypass legacy file-based anti-virus engines.
Search engine optimization and trending topics are used by attackers to increase their attack performance.
27. Social Networking Security Conference 2010
Simple URL shortening on Twitter
28. Social Networking Security Conference 2010
Twitter Attack via URL Shortener
29. Social Networking Security Conference 2010
Twitter Attack with Drive-By-Download
30. Social Networking Security Conference 2010
Drive by Download – Java Applet
31. Social Networking Security Conference 2010
Drive-by download attack
(1) Client (victim) visits the landing page
(2) Redirect to get exploit
(3) Redirect to get exploit
(4) Download exploit
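The chain above is what a defender wants to see before anyone clicks. As an added example that is not part of the presentation, the Python below expands a shortened link hop by hop with plain GET requests whose bodies are discarded, records every intermediate Location header, and stops at a hop limit; the local server and its paths (/short, /landing, /redir1, /redir2, /exploit) are constructed here to simulate the shortener-to-exploit sequence and are not taken from the slides.

```python
"""Expand a shortened link by recording each redirect hop instead of letting a
browser follow it; the local server is a constructed stand-in for the chain."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit


def expand_chain(url, max_hops=5):
    """Return every URL visited, starting with `url`, up to the first
    non-redirect response. Bodies are drained and never rendered. A chain
    longer than `max_hops` raises RuntimeError, itself a signal to log."""
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(chain[-1])
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
        try:
            conn.request("GET", parts.path or "/")
            resp = conn.getresponse()
            resp.read()  # only the status and Location header matter
            location = resp.getheader("Location")
        finally:
            conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            return chain
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    raise RuntimeError("redirect chain longer than %d hops" % max_hops)


class ChainHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: shortener -> landing -> redirect -> redirect -> exploit."""
    HOPS = {"/short": "/landing", "/landing": "/redir1", "/redir1": "/redir2", "/redir2": "/exploit"}

    def do_GET(self):
        if self.path in self.HOPS:
            self.send_response(302)
            self.send_header("Location", self.HOPS[self.path])
            self.end_headers()
        else:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"final page (nothing harmful is served here)")

    def log_message(self, *args):  # silence per-request logging
        pass


def start_server():
    """Start the simulated chain on a free loopback port and return the server."""
    srv = HTTPServer(("127.0.0.1", 0), ChainHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

Calling start_server() and then expand_chain("http://127.0.0.1:<port>/short") with the returned server's port yields the five-URL chain ending at /exploit, while a max_hops of 2 raises RuntimeError.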
32. Social Networking Security Conference 2010
Threats from bad sites: spyware, adware, viruses, unwanted/offensive content, Trojans, potentially unwanted applications, worms, phishing.
33. Social Networking Security Conference 2010
How to protect yourself from bad sites
Keep Windows, your browser, Macromedia and Acrobat products patched and up to date.
Use a desktop browser that includes anti-phishing and anti-malware blockers. Microsoft’s Internet Explorer, Mozilla Firefox, and Opera all provide security features to block malicious sites.
Enable a firewall and apply all Microsoft operating system updates. Avoid using pirated software.
50. Social Networking Security Conference 2010
Results from tools (Maltego)
51. Social Networking Security Conference 2010
Open Source Intelligence for Information Gathering
Ref: http://www.onstrat.com/osint/
82. Social Networking Security Conference 2010
Contact details you do not want anyone to use to reach you (information-hiding techniques)
Set Privacy to Friend Only
83. Social Networking Security Conference 2010
How to permanently deactivate your account
84. Social Networking Security Conference 2010
How to permanently deactivate your account
92. Social Networking Security Conference 2010
Security tips and techniques you should know for using Facebook, Twitter, LinkedIn, Google, Hi5 and YouTube
Don’t click on links or open attachments in suspicious emails.
Be wary of where you enter your password.
Be suspicious of emails or messages that contain misspellings or use bad grammar, especially if they’re from someone who is usually a good writer.
Make sure you have an up-to-date web browser equipped with an anti-phishing blacklist.
Make sure you have up-to-date comprehensive security software on your computer that includes anti-virus, anti-spyware, anti-phishing, and a firewall.
Make sure you’ve set your operating system to update automatically.
Make sure you’ve listed a security question and answer for your online accounts.
Don’t share your passwords with anyone.
Use different passwords for your various online accounts.
Use a complex password that can’t be easily guessed.
Remember that you choose what you share and with whom you share it.