Доставка зловредов через облака
•
0 likes•1,473 views
Для всех популярных облачных провайдеров данных существуют сервисы, позволяющие анонимно загружать файлы в расшаренные пользователями хранилища. Примерами таких сервисов могут служить Dropittome, Balloon, Cloudwok, Sookasa. С учетом того, что конечные пользователи часто устанавливают клиенты для синхронизации с облаком, данный способ доставки зловредов на компьютер жертвы становится весьма действенным.
Report
Share
Report
Share
Recommended
Tapping into the core
The document discusses how modern Intel CPUs contain debugging features like JTAG that could enable hardware trojans if activated. It describes how the Intel Direct Connect Interface allows activating JTAG-like debugging over USB, potentially allowing full system control. It demonstrates activating DCI on a laptop through the UEFI and explains how to detect if DCI is enabled. The document warns that DCI could lead to a "new age of BadUSB" if used maliciously.
Secret of Intel Management Engine by Igor Skochinsky
Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.
Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.
Halvar Flake: Why Johnny can’t tell if he is compromised
This document discusses the difficulty of determining if a computer system is compromised. It outlines several checks that could be done to verify control, such as verifying signatures on software binaries, firmware, and scripts. However, it finds that all of these checks ultimately fail due to issues like a lack of transparency, lack of standardization, and the potential for signing keys to be stolen without detection. It argues that fundamental changes are needed to infrastructure and practices to enable determining control, such as reducing the number of trusted code signing authorities, increasing transparency in software updates and signing processes, and reducing opacity in firmware and coprocessors.
インテルMEの秘密 - チップセットに隠されたコードと、それが一体何をするかを見出す方法 - by イゴール・スコチンスキー - Igor Skochinsky
最近のすべてのIntelのマザーボードのチップセットに組み込まれた専用マイクロコントローラであるIntel Management Engine(ME)はシステム電源がオフの場合でもメインCPUから独立して動作しネットワークインターフェースへの専用接続を持っている。その構造分析と攻撃を受ける可能性および対策について解説。
インテルマネージメントエンジン("ME")は最近のインテル系マザーボードチップセットに組み込まれてる専用のマイクロコントローラです。 マザーボードのメインのCPUから完全に独立しており、システムが稼働していなくとも稼働でき、 ネットワークインターフェイスへの専属のコネクションを持っている為メインの CPUとインストールされているOSを回避するout-of-bound通信が可能です。 従来の目的に関連する管理タスクの処理だけに止まらず、Intel Identity Protection Technology(IPT)、Protected Audio-Video Path、Intel Anti-Theft, Intel TPM, NFC 通信などの様々な機能を実装しています。 現在、 このマイクロコントローラがどのように動くかについて関する情報は非常に少なく、本プレゼンテーションでは情報のギャップを埋める共に低レイヤーに関する詳細について話す予定です。
イゴール・スコチンスキー - Igor Skochinsky
イゴール・スコチンスキーは、世界的に有名なInteractive DissasemblerとHex-Rays Decompilerの主要開発者の1人として活躍中。 2008年にHex-Raysと合流する以前 からリバースエンジニアリングに興味を持ち、iTunesのDRMを解除するQTFairUse6と初期のアマゾンキンドル端末のハックで名声を得る。 Recon,Breakpointと Hack.LUなどにて講演。
CODE BLUE 2014 : BadXNU, A rotten apple! by PEDRO VILAÇA
This document discusses various techniques for bypassing security measures and loading kernel rootkits on Apple operating systems like OS X. It describes how to leverage features like TrustedBSD and AppleHWAccess to gain kernel code execution. It also notes several kernel vulnerabilities that could enable privilege escalation, and argues that OS X security is not very effective overall. The speaker claims there are many ways to load rootkits despite code signing requirements.
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device protects PC and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent from the PC and can be installed regardless of OS or application. At this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port.
The SBD has a security information disk only accessible to itself where it stores the access privilege information of the original disk in the PC. When the PC issues a data access request to the original disk, the SBD will reference the access privileges of that particular sector, if the sector is read-deny then returns dummy data of 0 , if the sector is write-deny then it won’t write to that sector. The SBD not only allows for sector based protection but also a file based protection. In case of a file write-deny, there were some issues with the disc related cache in memory not being synchronised or the pointer’s position to the file in regards to its directory being shifted , but I will show how it was solved.
I will also talk about the fact that a SBD is an effective protection against any malware that attempts to manipulate the boot data sector or system files, once it detects any access right violations it can shutdown the ethernet port remotely and thwart the spreading of malware.
Kenji Toda
At the National Institute of Advanced Industrial Science and Technology conducted research and development of 30 Gbps intrusion detection systems , 60 Gbps URL filtering systems and or network devices testing equipment for such systems. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems)
http://codeblue.jp/en-speaker.html#KenjiToda
Protected Process Light will be Protected – MemoryRanger Fills the Gap Again
This document discusses Protected Process Light (PPL) and how it protects process memory on Windows. PPL adds a protection field to the EPROCESS structure that is set during process creation to mark a process as protected. When another process tries to open a protected process, Windows performs access checks using the protection levels to restrict access even for processes running with debug privileges. This helps prevent malware and other unauthorized processes from accessing sensitive memory of protected processes like LSASS.
UEFI Firmware Rootkits: Myths and Reality
Earlier this month, we teased a proof of concept for UEFI ransomware which was presented at RSA Conference 2017. The HackingTeam, Snowden, Shadow Brokers, and Vault7 leaks have revealed that UEFI/BIOS implants aren't just a theoretical concept but have actually been weaponized by nation states to conduct cyber espionage. Physical access requirements are a thing of the past, these low level implants can be installed remotely by exploiting vulnerabilities in the underlying UEFI system.
Today at BlackHat Asia 2017, we are disclosing two vulnerabilities in two different models of the GIGABYTE BRIX platform:
GB-BSi7H-6500 – firmware version: vF6 (2016/05/18)
GB-BXi7-5775 – firmware version: vF2 (2016/07/19)
Recommended
Tapping into the core
The document discusses how modern Intel CPUs contain debugging features like JTAG that could enable hardware trojans if activated. It describes how the Intel Direct Connect Interface allows activating JTAG-like debugging over USB, potentially allowing full system control. It demonstrates activating DCI on a laptop through the UEFI and explains how to detect if DCI is enabled. The document warns that DCI could lead to a "new age of BadUSB" if used maliciously.
Secret of Intel Management Engine by Igor Skochinsky
Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.
Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.
Halvar Flake: Why Johnny can’t tell if he is compromised
This document discusses the difficulty of determining if a computer system is compromised. It outlines several checks that could be done to verify control, such as verifying signatures on software binaries, firmware, and scripts. However, it finds that all of these checks ultimately fail due to issues like a lack of transparency, lack of standardization, and the potential for signing keys to be stolen without detection. It argues that fundamental changes are needed to infrastructure and practices to enable determining control, such as reducing the number of trusted code signing authorities, increasing transparency in software updates and signing processes, and reducing opacity in firmware and coprocessors.
インテルMEの秘密 - チップセットに隠されたコードと、それが一体何をするかを見出す方法 - by イゴール・スコチンスキー - Igor Skochinsky
最近のすべてのIntelのマザーボードのチップセットに組み込まれた専用マイクロコントローラであるIntel Management Engine(ME)はシステム電源がオフの場合でもメインCPUから独立して動作しネットワークインターフェースへの専用接続を持っている。その構造分析と攻撃を受ける可能性および対策について解説。
インテルマネージメントエンジン("ME")は最近のインテル系マザーボードチップセットに組み込まれてる専用のマイクロコントローラです。 マザーボードのメインのCPUから完全に独立しており、システムが稼働していなくとも稼働でき、 ネットワークインターフェイスへの専属のコネクションを持っている為メインの CPUとインストールされているOSを回避するout-of-bound通信が可能です。 従来の目的に関連する管理タスクの処理だけに止まらず、Intel Identity Protection Technology(IPT)、Protected Audio-Video Path、Intel Anti-Theft, Intel TPM, NFC 通信などの様々な機能を実装しています。 現在、 このマイクロコントローラがどのように動くかについて関する情報は非常に少なく、本プレゼンテーションでは情報のギャップを埋める共に低レイヤーに関する詳細について話す予定です。
イゴール・スコチンスキー - Igor Skochinsky
イゴール・スコチンスキーは、世界的に有名なInteractive DissasemblerとHex-Rays Decompilerの主要開発者の1人として活躍中。 2008年にHex-Raysと合流する以前 からリバースエンジニアリングに興味を持ち、iTunesのDRMを解除するQTFairUse6と初期のアマゾンキンドル端末のハックで名声を得る。 Recon,Breakpointと Hack.LUなどにて講演。
CODE BLUE 2014 : BadXNU, A rotten apple! by PEDRO VILAÇA
This document discusses various techniques for bypassing security measures and loading kernel rootkits on Apple operating systems like OS X. It describes how to leverage features like TrustedBSD and AppleHWAccess to gain kernel code execution. It also notes several kernel vulnerabilities that could enable privilege escalation, and argues that OS X security is not very effective overall. The speaker claims there are many ways to load rootkits despite code signing requirements.
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device protects PC and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent from the PC and can be installed regardless of OS or application. At this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port.
The SBD has a security information disk only accessible to itself where it stores the access privilege information of the original disk in the PC. When the PC issues a data access request to the original disk, the SBD will reference the access privileges of that particular sector, if the sector is read-deny then returns dummy data of 0 , if the sector is write-deny then it won’t write to that sector. The SBD not only allows for sector based protection but also a file based protection. In case of a file write-deny, there were some issues with the disc related cache in memory not being synchronised or the pointer’s position to the file in regards to its directory being shifted , but I will show how it was solved.
I will also talk about the fact that a SBD is an effective protection against any malware that attempts to manipulate the boot data sector or system files, once it detects any access right violations it can shutdown the ethernet port remotely and thwart the spreading of malware.
Kenji Toda
At the National Institute of Advanced Industrial Science and Technology conducted research and development of 30 Gbps intrusion detection systems , 60 Gbps URL filtering systems and or network devices testing equipment for such systems. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems)
http://codeblue.jp/en-speaker.html#KenjiToda
Protected Process Light will be Protected – MemoryRanger Fills the Gap Again
This document discusses Protected Process Light (PPL) and how it protects process memory on Windows. PPL adds a protection field to the EPROCESS structure that is set during process creation to mark a process as protected. When another process tries to open a protected process, Windows performs access checks using the protection levels to restrict access even for processes running with debug privileges. This helps prevent malware and other unauthorized processes from accessing sensitive memory of protected processes like LSASS.
UEFI Firmware Rootkits: Myths and Reality
Earlier this month, we teased a proof of concept for UEFI ransomware which was presented at RSA Conference 2017. The HackingTeam, Snowden, Shadow Brokers, and Vault7 leaks have revealed that UEFI/BIOS implants aren't just a theoretical concept but have actually been weaponized by nation states to conduct cyber espionage. Physical access requirements are a thing of the past, these low level implants can be installed remotely by exploiting vulnerabilities in the underlying UEFI system.
Today at BlackHat Asia 2017, we are disclosing two vulnerabilities in two different models of the GIGABYTE BRIX platform:
GB-BSi7H-6500 – firmware version: vF6 (2016/05/18)
GB-BXi7-5775 – firmware version: vF2 (2016/07/19)
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
MemoryRanger is a hypervisor-based project, which isolates kernel-mode drivers and their allocated data by running drivers in isolated kernel enclaves.
All the details are here - bit.ly/MemoryRanger
Android forensics an Custom Recovery Image
Mobile Forensic Process
Different Mobile Forensic Scenario
Acquisition Guide
Challenges of Android Forensics
How to Circumvent the Pass Code
Types Of Analyses(Logical analysis)
Types Of Analyses(Physical analysis)
Android Partition Layout
Custom Recovery Modifications
How Data are Stored In Android
Example of Useful Data extracted from Android Image
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
GNOME desktop environment stores user’s credentials in process memory, which poses an obvious danger and needs to be fixed. The competitive advantage of the proposed security tool (MimiDove) includes its ability to quickly detect and remove passwords containing both ASCII characters and Unicode characters.
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
I have presented that files open in an exclusive mode can be illegally accessed without any security reaction. After that, I’ve presented my MemoryRanger, which can prevent such unauthorized memory access.
All the details are here - https://igorkorkin.blogspot.com/2019/04/memoryranger-prevents-hijacking.html
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
The demo is here - https://www.youtube.com/watch?v=vi9TzLrO_pE
All details and source code are here - http://www.bit.ly/MemoryMonRWX
Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems new technologies developed by Intel and AMD CPUs may be applied. To deal with the new malware we propose monitoring and controlling access to the memory in real time using Intel VT-x with EPT. We have checked this concept by developing MemoryMonRWX, which is a bare-metal hypervisor. MemoryMonRWX is able to track and trap all types of memory access: read, write, and execute. MemoryMonRWX also has the following competitive advantages: fine-grained analysis, support of multi-core CPUs and 64-bit Windows 10. MemoryMonRWX is able to protect critical kernel memory areas even when PatchGuard has been disabled by malware. Its main innovative features are as follows: guaranteed interception of every memory access, resilience, and low performance degradation.
How security broken? - Android internals and malware infection possibilities
This document discusses security issues in the Android operating system and possibilities for malware infection. It begins by covering kernel-level protections like DEP and ASLR, which are not fully effective in Android due to issues like prelinking neutralizing ASLR. It then discusses the application layer, explaining Android application internals involving packages, permissions, and intent-based features like activities and broadcasts. Finally, it outlines the evolution of Android malware, characteristics like using intents and premium services, issues with anti-virus software's limited privileges, and how rooting breaks security by enabling malware to gain higher privileges.
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
The document discusses attacks on kernel memory data structures in Windows. It describes three types of attacks: handle table hijacking, hijacking NTFS file structures, and token hijacking. The author previously developed MemoryRanger, a hypervisor that runs drivers in isolated kernel enclaves to block such attacks. A new feature called a data-only enclave is introduced. The document then demonstrates how hijacking file structures could allow bypassing file access controls by copying a file object's data to gain unauthorized access to a secret file. MemoryRanger is shown to prevent this attack by isolating drivers and their memory.
How to drive a malware analyst crazy
This document discusses techniques that malware authors use to frustrate malware analysts, including inserting breakpoints, manipulating timing functions, exploiting Windows internals like debug flags and objects, anti-dumping methods, VM detection, and debugger-specific tricks. The author also announces a public malware repository and API called VXCage for sharing samples.
Is there an EFI monster inside your apple? by Pedro Vilaça - CODE BLUE 2015
A few months ago I publicly disclosed an Apple EFI firmware zero day. It was a very powerful bug allowing direct access to the EFI firmware from the operating system. EFI rootkits are some of the most powerful and most interesting rootkits. Because they work at a very low level they can play a lot of tricks to hide themselves from forensics and persist for a long time. EFI monsters are a bit like jaguars, stealthy and rarely seen by humans. This doesn't mean they do not exist. EFI monsters are most certainly part of spy agencies rootkits catalog. Very few tools exist to chase them.
This talk is about introducing you to the EFI world so you can also start to chase these monsters. EFI world might look scary but it's a bit easier than you think and a lot of fun.
Thunderstrike 2 (to be presented at BlackHat) is a fine example of the power of EFI rootkits and the problems they present.
Tkos secure boot_lecture_20190605
This document provides an introduction to secure boot. It begins with an overview of the topics to be covered, including attack surfaces, attack types, and basic defenses for embedded devices. It then describes the typical boot chain process, including the roles of the ROM bootloader, SPL, main bootloader, OS kernel, and initramfs. Finally, it discusses the basic chain of trust for secure boot and compares it to the PC bootchain, noting some vulnerabilities in the basic secure bootchain model.
Attacking Embedded Devices (No Axe Required)
This document discusses attacking embedded systems and analyzing firmware. It begins by explaining why embedded system vulnerabilities are important, as these devices often have weak security and are on critical network paths. It then covers techniques for detecting devices, including active scanning with Nmap and Nessus. Firmware analysis methods like strings, hexdump and grep are presented for initial examination. The document introduces tools for extracting filesystems from firmware and analyzing file contents. It emphasizes that emulation with Qemu allows debugging binaries from extracted firmware.
44CON 2014 - Breaking AV Software
The document discusses breaking and attacking antivirus software. It begins by introducing common features of antivirus engines like being written in C/C++ and supporting various file formats. It then discusses how installing antivirus software increases a system's attack surface and how antivirus engines can contain vulnerabilities. Specific examples of vulnerabilities found in antivirus products from Panda, ClamAV, and others are then presented, including multiple local privilege escalation issues found in Panda Global Protection 2013. Exploitation techniques for antivirus engines are also covered.
Android– forensics and security testing
Speaker:Santhosh Kumar
Event:Defcon Kerala
Date:8/03/2014
Android-Forensic and Security Analysis.
Android one of the leading Mobile Operating System which is managed by Google released back in 2008 now stands with a 4.4.x version Android KitKat.The Study Shows that increasing Crime Rates are switching from Computer Centered to PDA Based.Crime against Women,Children And Abuse.As the Digital Forensics and Law Enforcement Agencies find new Hard Challenges Cracking Down different Situation in the Android Environment.Google Play Store which has over 1 Million Application Active has also added to the Pain.
The Talk Focus on various Methods,the Various Situation where the forensics is useful.
The Methods are classified as Logical and physical which involves from breaking the passcodes to exploring virtual NAND memory.
The talk also focus on various places where is information is available to the forensic point of view.
Affected by Mobile Cyber Attack? Tortured by a Android Smartphone ? Relax there is a solution to each and everything.
The Talk also focus on using both Windows And linux as the Forensic Investigation Environment.
Android Which has the linux kernel at Heart can be best paradise when it comes to Forensic Data.
Various Tools on way this can be done in faster way.
Forensic always useful whether you are from a corporate environment or even from the massive Law enforcement Agencies.
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
The document discusses the challenges of protecting against malware on web browsers through client-side solutions alone. It describes how the author was able to bypass protections in various internet security suites and anti-malware products by creating malicious browser extensions. While some vendors were able to address the issues, the document argues that client-side only solutions are fundamentally limited. It suggests focusing on server-side protections instead of seeking a "client-side elixir" for fully preventing malware.
RISC-V-Day-Tokyo2018-suzaki
The document discusses Trusted Execution Environments (TEEs) and running the Open Portable Trusted Execution Environment (OP-TEE) trusted operating system on RISC-V. It provides an overview of TEEs, describes OP-TEE and the requirements to implement it on RISC-V, including developing a boot sequence, kernel driver, and libraries. The document also compares TEE implementations on ARM TrustZone and Intel SGX and covers memory mapping when running OP-TEE on ARM-based boards.
Windows Internals: fuzzing, hijacking and weaponizing kernel objects
Advanced Threats are rising in the Windows 10 environment, where sophisticated attack vectors are being used to evade threat detection tools and extract privileged data from the user. This talk presents a collection of tools and techniques developed after reverse engineering and playing with Windows interfaces, aim to evade detection system (A/V or A/C) and to escalate kernel privileges.
Android Mobile forensics with custom recoveries
The presentation describes how can we do Android Mobile forensics through custom recovery partitions. It explains that different forensics functionalities can be done on android phones through the custom recovery partition. Some of these functionalities are Logical/Physical data acquisition, PIN/Pattern/Passcode bypass, rooting, adb shell and many other functionalities. The presentation also illustrates how can we build our own custom recoveries.
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
All the details are here - http://bit.ly/AllMemPro
One of the main issues in the OS security is providing trusted code execution in an untrusted environment. During executing, kernel-mode drivers dynamically allocate memory to store and process their data: Windows core kernel structures, users’ private information, and sensitive data of third-party drivers. All this data can be tampered with by kernel-mode malware. Attacks on Windows-based computers can cause not just hiding a malware driver, process privilege escalation, and stealing private data but also failures of industrial CNC machines. Windows built-in security and existing approaches do not provide the integrity and confidentiality of the allocated memory of third-party drivers. The proposed hypervisor-based system (AllMemPro) protects allocated data from being modified or stolen. AllMemPro prevents access to even 1 byte of allocated data, adapts for newly allocated memory in real time, and protects the driver without its source code. AllMemPro works well on newest Windows 10 1709 x64.
44CON London - Attacking VxWorks: from Stone Age to Interstellar
Attacking VxWorks: from Stone Age to Interstellar presented by Yannick Formaggio at 44CON London 2015.
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
Current mobile gadgets includes of rich devices (high resolution video camera, microphone, GPS, etc) which enable high quantity communication (Video conference, current location data, etc). Unfortunately, the rich devices make easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. Japanese application named "karelog" became social issues). These devices are not used in company's office or factory and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI.
In order to In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from OS. DDE is a lightweight hypervisor and can be inserted to a pre-installed OS. Although the OS uses "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc), the "IN" instruction is hooked by DDE and the device information is hidden if the devices is prohibited in the company.
Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to protect bypassing the DDE, it encrypts the disk image of the OS. It means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key managements (A technique gets a key from the Internet with a secure communication. A technique hides the key into a TPM chip and obtains it at a certain state of boot time only. A technique obfuscates the key into the code using Whitebox Cryptography technique).
Current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has Intel CPU. I will talk about the requirements for ARM CPU based implementation.
Возможно, время не на твоей стороне. Реализация атаки по времени в браузере
Ведущий: Том Ван Гутем
В докладе будет рассмотрена новая киберугроза: атака по времени с использованием браузера. Атакующий добывает секретный ключ криптосистемы (например, RSA) при помощи анализа времени, затрачиваемого на шифрование входных данных, и получает доступ к конфиденциальной информации, размещенной на доверенном веб-сайте. Исследовав популярные веб-службы (приложения для работы с электронной почтой, социальные сети и сайты финансовых учреждений), докладчик выяснил, что атака компрометирует каждую из них и представляет неминуемую угрозу безопасности пользователей. Вниманию слушателей будет предложено несколько случаев из практики, иллюстрирующих тяжелые последствия атаки.
Метод машинного обучения для распознавания сгенерированных доменных имен
Ведущий: Александр Колокольцев
Доклад посвящен использованию машинного обучения для выявления доменных имен, сгенерированных при помощи Domain Generation Algorithm. Для решения задачи предлагается N-грамм-анализ. Будет подробно описан анализатор доменных имен, при использовании которого была достигнута точность в 98,5%.
More Related Content
What's hot
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
MemoryRanger is a hypervisor-based project, which isolates kernel-mode drivers and their allocated data by running drivers in isolated kernel enclaves.
All the details are here - bit.ly/MemoryRanger
Android forensics an Custom Recovery Image
Mobile Forensic Process
Different Mobile Forensic Scenario
Acquisition Guide
Challenges of Android Forensics
How to Circumvent the Pass Code
Types Of Analyses(Logical analysis)
Types Of Analyses(Physical analysis)
Android Partition Layout
Custom Recovery Modifications
How Data are Stored In Android
Example of Useful Data extracted from Android Image
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
GNOME desktop environment stores user’s credentials in process memory, which poses an obvious danger and needs to be fixed. The competitive advantage of the proposed security tool (MimiDove) includes its ability to quickly detect and remove passwords containing both ASCII characters and Unicode characters.
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
I have presented that files open in an exclusive mode can be illegally accessed without any security reaction. After that, I’ve presented my MemoryRanger, which can prevent such unauthorized memory access.
All the details are here - https://igorkorkin.blogspot.com/2019/04/memoryranger-prevents-hijacking.html
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
The demo is here - https://www.youtube.com/watch?v=vi9TzLrO_pE
All details and source code are here - http://www.bit.ly/MemoryMonRWX
Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems new technologies developed by Intel and AMD CPUs may be applied. To deal with the new malware we propose monitoring and controlling access to the memory in real time using Intel VT-x with EPT. We have checked this concept by developing MemoryMonRWX, which is a bare-metal hypervisor. MemoryMonRWX is able to track and trap all types of memory access: read, write, and execute. MemoryMonRWX also has the following competitive advantages: fine-grained analysis, support of multi-core CPUs and 64-bit Windows 10. MemoryMonRWX is able to protect critical kernel memory areas even when PatchGuard has been disabled by malware. Its main innovative features are as follows: guaranteed interception of every memory access, resilience, and low performance degradation.
How security broken? - Android internals and malware infection possibilities
This document discusses security issues in the Android operating system and possibilities for malware infection. It begins by covering kernel-level protections like DEP and ASLR, which are not fully effective in Android due to issues like prelinking neutralizing ASLR. It then discusses the application layer, explaining Android application internals involving packages, permissions, and intent-based features like activities and broadcasts. Finally, it outlines the evolution of Android malware, characteristics like using intents and premium services, issues with anti-virus software's limited privileges, and how rooting breaks security by enabling malware to gain higher privileges.
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
The document discusses attacks on kernel memory data structures in Windows. It describes three types of attacks: handle table hijacking, hijacking NTFS file structures, and token hijacking. The author previously developed MemoryRanger, a hypervisor that runs drivers in isolated kernel enclaves to block such attacks. A new feature called a data-only enclave is introduced. The document then demonstrates how hijacking file structures could allow bypassing file access controls by copying a file object's data to gain unauthorized access to a secret file. MemoryRanger is shown to prevent this attack by isolating drivers and their memory.
How to drive a malware analyst crazy
This document discusses techniques that malware authors use to frustrate malware analysts, including inserting breakpoints, manipulating timing functions, exploiting Windows internals like debug flags and objects, anti-dumping methods, VM detection, and debugger-specific tricks. The author also announces a public malware repository and API called VXCage for sharing samples.
Is there an EFI monster inside your apple? by Pedro Vilaça - CODE BLUE 2015
A few months ago I publicly disclosed an Apple EFI firmware zero day. It was a very powerful bug allowing direct access to the EFI firmware from the operating system. EFI rootkits are some of the most powerful and most interesting rootkits. Because they work at a very low level they can play a lot of tricks to hide themselves from forensics and persist for a long time. EFI monsters are a bit like jaguars, stealthy and rarely seen by humans. This doesn't mean they do not exist. EFI monsters are most certainly part of spy agencies rootkits catalog. Very few tools exist to chase them.
This talk is about introducing you to the EFI world so you can also start to chase these monsters. EFI world might look scary but it's a bit easier than you think and a lot of fun.
Thunderstrike 2 (to be presented at BlackHat) is a fine example of the power of EFI rootkits and the problems they present.
Tkos secure boot_lecture_20190605
This document provides an introduction to secure boot. It begins with an overview of the topics to be covered, including attack surfaces, attack types, and basic defenses for embedded devices. It then describes the typical boot chain process, including the roles of the ROM bootloader, SPL, main bootloader, OS kernel, and initramfs. Finally, it discusses the basic chain of trust for secure boot and compares it to the PC bootchain, noting some vulnerabilities in the basic secure bootchain model.
Attacking Embedded Devices (No Axe Required)
This document discusses attacking embedded systems and analyzing firmware. It begins by explaining why embedded system vulnerabilities are important, as these devices often have weak security and are on critical network paths. It then covers techniques for detecting devices, including active scanning with Nmap and Nessus. Firmware analysis methods like strings, hexdump and grep are presented for initial examination. The document introduces tools for extracting filesystems from firmware and analyzing file contents. It emphasizes that emulation with Qemu allows debugging binaries from extracted firmware.
44CON 2014 - Breaking AV Software
The document discusses breaking and attacking antivirus software. It begins by introducing common features of antivirus engines like being written in C/C++ and supporting various file formats. It then discusses how installing antivirus software increases a system's attack surface and how antivirus engines can contain vulnerabilities. Specific examples of vulnerabilities found in antivirus products from Panda, ClamAV, and others are then presented, including multiple local privilege escalation issues found in Panda Global Protection 2013. Exploitation techniques for antivirus engines are also covered.
Android– forensics and security testing
Speaker:Santhosh Kumar
Event:Defcon Kerala
Date:8/03/2014
Android-Forensic and Security Analysis.
Android one of the leading Mobile Operating System which is managed by Google released back in 2008 now stands with a 4.4.x version Android KitKat.The Study Shows that increasing Crime Rates are switching from Computer Centered to PDA Based.Crime against Women,Children And Abuse.As the Digital Forensics and Law Enforcement Agencies find new Hard Challenges Cracking Down different Situation in the Android Environment.Google Play Store which has over 1 Million Application Active has also added to the Pain.
The Talk Focus on various Methods,the Various Situation where the forensics is useful.
The Methods are classified as Logical and physical which involves from breaking the passcodes to exploring virtual NAND memory.
The talk also focus on various places where is information is available to the forensic point of view.
Affected by Mobile Cyber Attack? Tortured by a Android Smartphone ? Relax there is a solution to each and everything.
The Talk also focus on using both Windows And linux as the Forensic Investigation Environment.
Android Which has the linux kernel at Heart can be best paradise when it comes to Forensic Data.
Various Tools on way this can be done in faster way.
Forensic always useful whether you are from a corporate environment or even from the massive Law enforcement Agencies.
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
The document discusses the challenges of protecting against malware on web browsers through client-side solutions alone. It describes how the author was able to bypass protections in various internet security suites and anti-malware products by creating malicious browser extensions. While some vendors were able to address the issues, the document argues that client-side only solutions are fundamentally limited. It suggests focusing on server-side protections instead of seeking a "client-side elixir" for fully preventing malware.
RISC-V-Day-Tokyo2018-suzaki
The document discusses Trusted Execution Environments (TEEs) and running the Open Portable Trusted Execution Environment (OP-TEE) trusted operating system on RISC-V. It provides an overview of TEEs, describes OP-TEE and the requirements to implement it on RISC-V, including developing a boot sequence, kernel driver, and libraries. The document also compares TEE implementations on ARM TrustZone and Intel SGX and covers memory mapping when running OP-TEE on ARM-based boards.
Windows Internals: fuzzing, hijacking and weaponizing kernel objects
Advanced Threats are rising in the Windows 10 environment, where sophisticated attack vectors are being used to evade threat detection tools and extract privileged data from the user. This talk presents a collection of tools and techniques developed after reverse engineering and playing with Windows interfaces, aim to evade detection system (A/V or A/C) and to escalate kernel privileges.
Android Mobile forensics with custom recoveries
The presentation describes how can we do Android Mobile forensics through custom recovery partitions. It explains that different forensics functionalities can be done on android phones through the custom recovery partition. Some of these functionalities are Logical/Physical data acquisition, PIN/Pattern/Passcode bypass, rooting, adb shell and many other functionalities. The presentation also illustrates how can we build our own custom recoveries.
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
All the details are here - http://bit.ly/AllMemPro
One of the main issues in the OS security is providing trusted code execution in an untrusted environment. During executing, kernel-mode drivers dynamically allocate memory to store and process their data: Windows core kernel structures, users’ private information, and sensitive data of third-party drivers. All this data can be tampered with by kernel-mode malware. Attacks on Windows-based computers can cause not just hiding a malware driver, process privilege escalation, and stealing private data but also failures of industrial CNC machines. Windows built-in security and existing approaches do not provide the integrity and confidentiality of the allocated memory of third-party drivers. The proposed hypervisor-based system (AllMemPro) protects allocated data from being modified or stolen. AllMemPro prevents access to even 1 byte of allocated data, adapts for newly allocated memory in real time, and protects the driver without its source code. AllMemPro works well on newest Windows 10 1709 x64.
44CON London - Attacking VxWorks: from Stone Age to Interstellar
Attacking VxWorks: from Stone Age to Interstellar presented by Yannick Formaggio at 44CON London 2015.
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
Current mobile gadgets includes of rich devices (high resolution video camera, microphone, GPS, etc) which enable high quantity communication (Video conference, current location data, etc). Unfortunately, the rich devices make easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. Japanese application named "karelog" became social issues). These devices are not used in company's office or factory and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI.
In order to In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from OS. DDE is a lightweight hypervisor and can be inserted to a pre-installed OS. Although the OS uses "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc), the "IN" instruction is hooked by DDE and the device information is hidden if the devices is prohibited in the company.
Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to protect bypassing the DDE, it encrypts the disk image of the OS. It means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key managements (A technique gets a key from the Internet with a secure communication. A technique hides the key into a TPM chip and obtains it at a certain state of boot time only. A technique obfuscates the key into the code using Whitebox Cryptography technique).
Current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has Intel CPU. I will talk about the requirements for ARM CPU based implementation.
What's hot (20)
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
How security broken? - Android internals and malware infection possibilities
How security broken? - Android internals and malware infection possibilities
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Is there an EFI monster inside your apple? by Pedro Vilaça - CODE BLUE 2015
Is there an EFI monster inside your apple? by Pedro Vilaça - CODE BLUE 2015
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
Windows Internals: fuzzing, hijacking and weaponizing kernel objects
Windows Internals: fuzzing, hijacking and weaponizing kernel objects
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
44CON London - Attacking VxWorks: from Stone Age to Interstellar
44CON London - Attacking VxWorks: from Stone Age to Interstellar
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
Viewers also liked
Возможно, время не на твоей стороне. Реализация атаки по времени в браузере
Ведущий: Том Ван Гутем
В докладе будет рассмотрена новая киберугроза: атака по времени с использованием браузера. Атакующий добывает секретный ключ криптосистемы (например, RSA) при помощи анализа времени, затрачиваемого на шифрование входных данных, и получает доступ к конфиденциальной информации, размещенной на доверенном веб-сайте. Исследовав популярные веб-службы (приложения для работы с электронной почтой, социальные сети и сайты финансовых учреждений), докладчик выяснил, что атака компрометирует каждую из них и представляет неминуемую угрозу безопасности пользователей. Вниманию слушателей будет предложено несколько случаев из практики, иллюстрирующих тяжелые последствия атаки.
Метод машинного обучения для распознавания сгенерированных доменных имен
Ведущий: Александр Колокольцев
Доклад посвящен использованию машинного обучения для выявления доменных имен, сгенерированных при помощи Domain Generation Algorithm. Для решения задачи предлагается N-грамм-анализ. Будет подробно описан анализатор доменных имен, при использовании которого была достигнута точность в 98,5%.
SupplyLab - публикация, доставка, развёртывание, лицензирование | Александр П...
1. Организация открытой системы управления полным циклом доставки, развёртывания и лицензирования до Заказчика.
2. Проектирование системы публикации, доставки, развёртывания и лицензирования - SupplyLab.
TeamPass - управление разграничением доступа к сервисным паролям в команде | ...
1. Что не устраивало в keepass?
2. Специфика компании.
3. Решение.
Сообщество DevOpsHQ: идеология и инструменты | Александр Паздников
1. О проекте DevOpsHQ - сообщество инженеров-автоматизаторов.
2. Преследуемые цели.
3. Предлагаемые инструменты.
4. Предлагаемые методики.
5. Готовые решения.
Модель системы Continuous Integration в компании Positive Technologies | Тиму...
1. Первоначальные типовые схемы, предлагаемые DevOps для всех проектов компании:
Build – Deploy – Testing – Promote
2. Реализация схемы на примерах наших проектов в TeamCity.
3. К чему мы пришли. Общая схема Continuous Integration:
Build – Deploy – Testing – Promote – Publishing – Delivery – Install & Update
Автоматизация нагрузочного тестирования в связке JMeter + TeamСity + Grafana ...
1. Описание старого процесса сбора данных о тестах: как было до, что хорошего, что плохого
2. Influxdb, как хранилище time-series данных,
3. Zabbix - мониторинг нагрузочных стендов: windows и linux агенты, активный сбор данных, autodiscovery виртуальных машин в esx
4. Grafana, как способ превратить графики и дашборды в конфетку
5. Автоматизация нагрузки от пользователей через web-UI при помощи Jmeter, отображение статистики в реальном времени, CI в Teamcity
Нейронечёткая классификация слабо формализуемых данных | Тимур Гильмуллин
1. Проблемы автоматизации классификации слабо формализуемых (нечётких) данных.
2. Нечёткие множества и нечёткие измерительные шкалы.
3. Моделирование нейронной сети для классификации данных.
4. Инструмент FuzzyClassificator и его внедрение в Компании.
5. Автоматизация классификации данных на базе TeamCity.
vSphereTools - инструмент для автоматизации работы с vSphere | Тимур Гильмуллин
1. VIX API против pysphere.
2. vSphereTools - это набор скриптов от DevOps для поддержки работы с vSphere и виртуальными машинами.
3. Описание инструмента, его достоинства и недостатки, возможные доработки.
От простого к сложному: автоматизируем ручные тест-планы | Сергей Тимченко
1. Смотрим по сторонам - обычный процесс авто-тестирования
2. Убираем лишнее - реалистичный целевой процесс
3. DataDrivenTesting - создание спец. инструментов для конкретных сценариев
4. RobotFramework - что делать, если простых сценариев слишком много
Инструментарий для создания дистрибутивов продуктов | Владимир Селин
1. Что такое дистрибутив большого продукта?
2. Проблема: знаниями о процессе установки продукта владеет малое число людей.
3. Шаблоны + DSL - решение всех проблем!
Пакетный менеджер CrossPM: упрощаем сложные зависимости | Александр Ковалев
1. Сложности при распутывании перекрёстных и вложенных зависимостей.
2. Пакетный менеджер CrossPM. Его возможности и примеры использования.
3. Интеграция CrossPM и системы хранения пакетов Artifactory.
Практические рекомендации по использованию системы TestRail | Дмитрий Рыльцов...
1. Цели использования TestRail.
2. Сущности системы TestRail.
3. Особенности проекта.
4. Наше решение.
5. TestRail Integration & Customization.
Организация workflow в трекере TFS | Алексей Соловьев
1. TFS как трекер: краткий обзор возможностей.
2. Структура типового Workflow: базовые элементы.
3. Сложности кастомизации WorkFlow в TFS.
Инструменты для проведения конкурентного анализа программных продуктов | Вла...
1. Что такое конкурентный анализ (КА) программных продуктов?
2. Методика и этапы КА.
3. Сложности реализации различных этапов КА.
4. Инструменты для автоматизации КА.
Интеграция TeamCity и сервера символов | Алексей Соловьев
1. Что такое сервер отладочных символов, его предназначение.
2. Отладочная информация (отладочные символы) – информация, которую генерирует компилятор на основе исходных кодов. Содержит информацию об именах файлов исходников, переменных, процедур, функций.
3. Сервер отладочной информации – сервер, основное предназначение которого – хранение отладочной информации, ее индексирование и предоставления доступа.
Общая концепция системы развёртывания серверного окружения на базе SaltStack ...
1. Проектирование системы обновлений.
2. О SaltStack.
3. Реализация update-сервера и примеры.
Система мониторинга Zabbix в процессах разработки и тестирования | Алексей Буров
1. Система мониторинга ресурсов различных отделов
2. Шаблоны и роли серверов, разграничение доступа и зон ответственности
3. ptzabbixtools - конфигурация мониторинга на целевых серверах
4. Пример встраивания системы мониторинга в процессы разработки/тестирования
Страх и ненависть в телеком-операторах
Ведущий: Илья Сафронов
Докладчик расскажет о различных технико-организационных схемах, которые позволяют злоумышленникам обогащаться за счет телеком-оператора. Речь пойдет о манипуляции с номерами, биллингом, настройками коммутации и межоператорских стыков. Будут описаны принципы работы SIM-боксов и схем с петлями трафика.
Мобильная связь небезопасна. Аргументы, подкрепленные фактами
Ведущие: Сергей Пузанков и Дмитрий Курбатов
Сети любого оператора мобильной связи содержат уязвимости, доставшиеся от старых технологий. Докладчики расскажут об уровне защищенности операторов на основе данных, полученных при исследовании реальных сетей.
Viewers also liked (20)
Возможно, время не на твоей стороне. Реализация атаки по времени в браузере
Возможно, время не на твоей стороне. Реализация атаки по времени в браузере
Метод машинного обучения для распознавания сгенерированных доменных имен
Метод машинного обучения для распознавания сгенерированных доменных имен
SupplyLab - публикация, доставка, развёртывание, лицензирование | Александр П...
SupplyLab - публикация, доставка, развёртывание, лицензирование | Александр П...
TeamPass - управление разграничением доступа к сервисным паролям в команде | ...
TeamPass - управление разграничением доступа к сервисным паролям в команде | ...
Сообщество DevOpsHQ: идеология и инструменты | Александр Паздников
Сообщество DevOpsHQ: идеология и инструменты | Александр Паздников
Модель системы Continuous Integration в компании Positive Technologies | Тиму...
Модель системы Continuous Integration в компании Positive Technologies | Тиму...
Автоматизация нагрузочного тестирования в связке JMeter + TeamСity + Grafana ...
Автоматизация нагрузочного тестирования в связке JMeter + TeamСity + Grafana ...
Нейронечёткая классификация слабо формализуемых данных | Тимур Гильмуллин
Нейронечёткая классификация слабо формализуемых данных | Тимур Гильмуллин
vSphereTools - инструмент для автоматизации работы с vSphere | Тимур Гильмуллин
vSphereTools - инструмент для автоматизации работы с vSphere | Тимур Гильмуллин
От простого к сложному: автоматизируем ручные тест-планы | Сергей Тимченко
От простого к сложному: автоматизируем ручные тест-планы | Сергей Тимченко
Инструментарий для создания дистрибутивов продуктов | Владимир Селин
Инструментарий для создания дистрибутивов продуктов | Владимир Селин
Пакетный менеджер CrossPM: упрощаем сложные зависимости | Александр Ковалев
Пакетный менеджер CrossPM: упрощаем сложные зависимости | Александр Ковалев
Практические рекомендации по использованию системы TestRail | Дмитрий Рыльцов...
Практические рекомендации по использованию системы TestRail | Дмитрий Рыльцов...
Организация workflow в трекере TFS | Алексей Соловьев
Организация workflow в трекере TFS | Алексей Соловьев
Инструменты для проведения конкурентного анализа программных продуктов | Вла...
Инструменты для проведения конкурентного анализа программных продуктов | Вла...
Интеграция TeamCity и сервера символов | Алексей Соловьев
Интеграция TeamCity и сервера символов | Алексей Соловьев
Общая концепция системы развёртывания серверного окружения на базе SaltStack ...
Общая концепция системы развёртывания серверного окружения на базе SaltStack ...
Система мониторинга Zabbix в процессах разработки и тестирования | Алексей Буров
Система мониторинга Zabbix в процессах разработки и тестирования | Алексей Буров
Мобильная связь небезопасна. Аргументы, подкрепленные фактами
Мобильная связь небезопасна. Аргументы, подкрепленные фактами
Similar to Доставка зловредов через облака
Secure Keystone Deployment
In the Juno summit, Symantec presented it's perspective on securing Keystone. Security is really a mindset and process. We proposed a layered security approach starting with the process for securing Keystone architecture, followed by securing the environment where Keystone is deployed and configured. Since then we have been implementing those security measures in our production environment. In this talk, we will discuss exactly how we have made our Keystone deployment secure and what we have learnt along the way.
Azure Sentinel
The document discusses Security Incident and Event Management (SIEM) systems and Microsoft Sentinel. It provides an overview of what a SIEM system is and what functionality it typically includes, such as log management, alerting, visualization, and incident management. It then describes Microsoft Sentinel specifically and how it is a cloud-native SIEM system that security operations teams can use to collect security data from various sources, detect threats using machine learning and analytics, and investigate and respond to security incidents.
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 -暢談 CPU 處理器的歷史包袱】
➠ Talk: Spectre & Meltdown 漏洞的修補策略與 risk mitigation
➠ Speaker: gasgas
➠共筆:https://hackmd.io/IYTgRsAMaQTAtAZhAEwGbwCxlgdniAMaIaGECmAjISoWAKzCbBA=?view
➠ Video:
https://www.facebook.com/HITCON/videos/1732117933486188/
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploit it with sq lite magellan
Hack In Paris 2011 - Practical Sandboxing
An assessment of Internet Explorer, Adobe Reader and Google Chrome sandboxes. Presented at the Hack in Paris conference in 2011.
2018 NAMIC Farm Forum
This document discusses the benefits and risks of cloud services. It outlines key advantages of cloud services including scalability, durability, security, and efficiency. Cloud services allow IT infrastructure to scale easily based on demand. Data stored in the cloud has greater durability due to replication across multiple data centers. Cloud security focuses on logical rather than physical security through techniques like encryption and virtual private clouds. Cloud services also improve efficiency by converting capital expenses to variable operating costs and allowing companies to focus on their core competencies. The document provides examples of software as a service offerings that companies can use to take advantage of cloud applications and services.
CheckPoint: Anatomy of an evolving bot
The document discusses various techniques used by malware and botnets to evade detection. It describes how malware authors bypass traditional detection methods through obfuscation, packing, encryption, and avoiding static or dynamic analysis. It also outlines potential solutions to these challenges such as using rootkits to subvert analysis machines, tapping into browsers to detect obfuscated code, and monitoring unusual process enumeration. The challenges of polymorphic malware generating numerous variants is also covered.
Breaking Smart Speakers: We are Listening to You.
"In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function is becoming more powerful, its security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary.
In this talk, we will present how to use multiple vulnerabilities to achieve remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we're also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice."
Rock the ActivityStream API
IBM Connections is more than a social product, it is a highly evolved social enterprise platform. With this evolution comes a high degree of integratability and the opportunity for end users to act in a contextual manner on business applications from within their collaboration environment, where their network of experts and their shared knowledge could help them taking better business decisions.
This session will demonstrate some real world examples working both for IBM Connections OnPremises and IBM Connections Cloud. It will explain how this integration can be achieved through components such as the Hompage’s Activity Stream and how these integrations can come together for organisations to get the most out of this social enterprise platform.
Integrate connections and twitter
The document summarizes a demo that uses the ActivityStream API to integrate enterprise processes with collaborative tools. The demo posts a tweet to an IBM Connections activity stream using the API and OAuth authentication. It then allows users to retweet or reply to the tweet directly from the activity stream without reauthenticating. The technical goal is to interact with the new ActivityStream API to send and retrieve data using OAuth. The functional goal is integration between business processes and collaborative tools using new technologies like ActivityStream and OpenSocial gadgets. The demo works the same for on-premises and cloud instances of IBM Connections.
Jump into Squeak - Integrate Squeak projects with Docker & Github
☛ Install Squeak and dependencies using Docker to avoid complex installation steps
☛ Extend Monticello to use Git for version control and collaboration by adding a MCGitHubRepository class
☛ Saves to Git automatically during Monticello commits, allowing changes to be pushed to a GitHub repository with a single commit
The Art of defence: How vulnerabilites help shape security features and mitig...
Information security is ever evolving, and Android's security posture is no different. Android users faces threats from a variety of sources, from the mundane to the extraordinary. Lost and stolen devices, malware attacks, rooting vulnerabilities, malicious websites, and nation state attackers are all within the Android threat model, and something the Android Security Team deals with daily. In this talk, we will cover the threats facing Android users, using both specific examples from previous Black Hat conferences and published research, as well as previously unpublished threats. For the threats, we will go into the specific technical controls which contain the vulnerability, as well as newly added Android N security features which defend against future unknown vulnerabilities. Finally, we'll discuss where we could go from here to make Android, and the entire computer industry, safer.
(Source: Black Hat USA 2016, Las Vegas)
Prometheus Training
Outdated training deck for Prometheus monitoring tool - shared as a basis for newer content for potential MeetUp and Conference talks. I'm sharing it since there is some intrinsic value remaining.
Developer Day 2014 - 6 - open source iot - eclipse foundation
This document discusses open source projects for building Internet of Things (IoT) solutions. It outlines 13 open source projects that provide building blocks for IoT including protocols, tools, frameworks and services. These projects include Paho, Mihini, Koneki, Eclipse SCADA, Kura, Mosquitto, Ponte, SmartHome, OM2M, Californium, Wakaama, Krikkit and Concierge. The document provides guidance on how to use several of these projects to build sensor networks, IoT gateways, device management and home automation applications. It also outlines a vision for the future of IoT where devices are part of the cloud and technologies like Krikkit make
Pursuing evasive custom command & control - GuideM
This talk is all about dissecting C3 channels and how the attacker leverages this technique in order to exfiltrate data using cloud storage provider
- Investigating in-memory attacks leveraging legitimate 3rd party services like Dropbox, OneDrive, and Slack to use as a medium for Command & Control Communication
- Detecting usage and exfiltration optimizing custom command & control channels
SCADA Security: The Five Stages of Cyber Grief
The document summarizes the five stages of grief experienced by organizations when they realize their critical infrastructure systems are connected to the internet and vulnerable to cyber attacks: denial, anger, bargaining, depression, and acceptance. It provides examples to illustrate why each stage occurs, such as discoveries of thousands of exposed SCADA and ICS devices online using tools like SHODAN, high-profile attacks like Stuxnet targeting critical infrastructure systems, and challenges of keeping outdated systems patched against emerging threats. The document argues organizations must ultimately accept the interconnected nature of systems and find new ways to design and manage critical infrastructure that are more secure and resilient to cyber attacks.
Five years of Persistent Threats
This presentation discusses persistent threats from file format attacks over the past 5 years. It outlines how attacks have grown more complex through improved social engineering, obfuscation, and evasion techniques. The presentation provides a case study of a specific attack and recommends mitigation strategies at basic, enhanced and strong levels to help defend against such threats.
Mitigating Malware Presentation Jkd 11 10 08 Aitp
The document discusses trends in crimeware and techniques used to evade detection. It describes how legitimate websites can be compromised to deliver drive-by downloads and how obfuscation is used to circumvent signature-based detection. The document analyzes examples of infected servers harvesting login credentials and personal data from victims. It advocates for proactive inspection of web content to detect unknown threats unlike reactive signature-based approaches.
Security Patterns for Microservice Architectures - ADTMag Microservices & API...
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
Cloud trust
The document discusses some of the main security concerns with cloud computing, including issues around data privacy, security, and trust. It suggests adopting a layered approach to security when using cloud services, including encrypting data, using strong authentication methods, and storing data with multiple reputable cloud providers. While cloud computing security risks exist, the document argues that major cloud providers have incentives to maintain security best practices due to their business models relying on reputation.
Similar to Доставка зловредов через облака (20)
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Github
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...
Developer Day 2014 - 6 - open source iot - eclipse foundation
Developer Day 2014 - 6 - open source iot - eclipse foundation
Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideM
Security Patterns for Microservice Architectures - ADTMag Microservices & API...
Security Patterns for Microservice Architectures - ADTMag Microservices & API...
More from Positive Hack Days
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
1. Основные понятия и определения: продукт, пакет, связи между ними.
2. Как узнать, какие изменения произошли в продукте?
3. Проблемы changelog и release note.
4. Решение: инструмент ChangelogBuilder для автоматической подготовки Release Notes
Как мы собираем проекты в выделенном окружении в Windows Docker
1. Обзор Windows Docker (кратко)
2. Как мы построили систему билда приложений в Docker (Visual Studio\Mongo\Posgresql\etc)
3. Примеры Dockerfile (выложенные на github)
4. Отличия процессов DockerWindows от DockerLinux (Долгий билд, баги, remote-регистр.)
Типовая сборка и деплой продуктов в Positive Technologies
1. Проблемы в построении CI процессов в компании
2. Структура типовой сборки
3. Пример реализации типовой сборки
4. Плюсы и минусы от использования типовой сборки
Аналитика в проектах: TFS + Qlik
1. Что такое BI. Зачем он нужен.
2. Что такое Qlik View / Sense
3. Способ интеграции. Как это работает.
4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды.
5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).
Использование анализатора кода SonarQube
1. Для чего нужны анализаторы кода
2. Что такое SonarQube
3. Принципе работы
4. Поддержка языков
5. Что находит
6. Метрики, снимаемые с кода
Развитие сообщества Open DevOps Community
1. Обзор инструментов в сообществе DevOpsHQ: https://github.com/devopshq и решаемые ими проблемы.
2. Планы развития сообщества DevOpsHQ.
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
1. Методика
2. Практика
3. Перспективы
Автоматизация построения правил для Approof
Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.
Мастер-класс «Трущобы Application Security»
Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений?
На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.
От экспериментального программирования к промышленному: путь длиной в 10 лет
Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей.
К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.
Требования по безопасности в архитектуре ПО
Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных.
Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.
Формальная верификация кода на языке Си
Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.
Механизмы предотвращения атак в ASP.NET Core
The document discusses preventing attacks in ASP.NET Core. It provides an overview of topics like preventing open redirect attacks, cross-site request forgery (CSRF), cross-site scripting (XSS) attacks, using and architecture of cookies, data protection, session management, and content security policy (CSP). The speaker is an independent developer and consultant who will discuss built-in mechanisms in ASP.NET Core for addressing these security issues.
Credential stuffing и брутфорс-атаки
В рамках секции: Инновации в средствах защиты и проверки защищенности
More from Positive Hack Days (20)
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
Recently uploaded
Trusted Execution Environment for Decentralized Process Mining
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Operating System Used by Users in day-to-day life.pptx
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Digital Marketing Trends in 2024 | Guide for Staying Ahead
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
Azure API Management to expose backend services securely
How to use Azure API Management to expose backend service securely
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Recently uploaded (20)
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Azure API Management to expose backend services securely
Azure API Management to expose backend services securely
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Доставка зловредов через облака
- 2. Антон Тюрин …облака Attack Detection Team Positive Technologies http://pre09.deviantart.net/0226/th/pre/i/2015/138/f/a/pixel_cloud_lightning_strikes_by_mattcheveralls-d8ttyal.jpg
- 3. Anyone Sharing Service Your Cloud Storage Cloud Inbox Sharing ptsecurity.com 1
- 4. balloon.io ptsecurity.com 2 Dropbox oauth2 Enter share name https://balloon.io/$SHARE
- 6. Looking for shares ptsecurity.com 4 Gmail 5 million leakage
- 7. Looking for shares ptsecurity.com 5 • 1000 gmail usernames • 39 found • 5 000 000 * 4% = 200 000
- 8. [RCE] CVE-2015-0096 .LNK exploit ptsecurity.com 6 CVE-2010-2568 Stuxnet 5 years alive DLL loading during Windows Explorer access to the icon of a crafted shortcut To trigger vulnerability just open Explorer
- 9. Our case ptsecurity.com 7 Anyone Balloon.io Dropbox Local Folder
- 13. ptsecurity.com Спасибо! Доставка зловредов через облака @attackdetection