More Related Content
Similar to Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
The Enterprise Guide to Building a Data Mesh - Introducing SpecMeshIanFurlong4
For organisations to successfully adopt data mesh, setting up and maintaining infrastructure needs to be easy.
We believe the best way to achieve this is to leverage the learnings from building a ‘central nervous system‘, commonly used in modern data-streaming ecosystems. This approach formalises and automates of the manual parts of building a data mesh.
This presentation introduces SpecMesh; a methodology and supporting developer toolkit to enable business to build the foundations of their data mesh.
Redis Streams plus Spark Structured StreamingDave Nielsen
Continuous applications have 3 things in common: They collect data from sources (ex: IoT devices), process them in real-time (example: ETL), and deliver them to machine learning serving layer for decision making. Continuous applications face many challenges as they grow to production. Often, due to the rapid increase in the number of devices or end-users or other data sources, the size of their data set grows exponentially. This results in a backlog of data to be processed. The data will no longer be processed in near-real-time.
Redis Streams enables you to collect both binary and text data in the time series format. The consumer groups of Redis Stream help you match the data processing rate of your continuous application with the rate of data arrival from various sources.
Apache Spark’s Structured Streaming API enables real-time decision making for Continuous Applications.
In this session, Dave will perform a live demonstration of how to integrate open source Redis with Apache Spark’s Structured Streaming API using Spark-Redis library. I will also walk through the code and run a live continuous application.
“Lights Out”Configuration using Tivoli Netcool AutoDiscovery ToolsAntonio Rolle
Review why a CMDB is essential to and is the foundation of your BSM strategy
Outline the known challenges that require planning at the outset of a CMDB initiative
Drill down into the approach and lessons learned in the initial stages of a CMDB rollout for one of the largest financial institutions in North America
by Lin Chunyong and Ryan Deivert, Airbnb
AWS Data & Analytics Week is an opportunity to learn about Amazon’s family of managed analytics services. These services provide easy, scalable, reliable, and cost-effective ways to manage your data in the cloud. We explain the fundamentals and take a technical deep dive into Amazon Redshift data warehouse; Data Lake services including Amazon EMR, Amazon Athena, & Amazon Redshift Spectrum; Log Analytics with Amazon Elasticsearch Service; and data preparation and placement services with AWS Glue and Amazon Kinesis. You'll will learn how to get started, how to support applications, and how to scale.
Implementing a data_science_project (Python Version)_part1Dr Sulaimon Afolabi
This teaches how to implement a data science project using Python.
You can watch the youtube video via this link https://goo.gl/Mi4aJH
Jupyter notebook: https://goo.gl/AxRMe3
Evolving your Data Access with MongoDB Stitch - Drew Di PalmaMongoDB
You have valuable data in MongoDB and while it's important to use that data to empower your users and customers it can be tough to do so in a safe, secure way. In this session, you'll learn how to simply connect your users with the data they need using MongoDB Stitch.
MongoDB Schema Design: Practical Applications and ImplicationsMongoDB
Presented by Austin Zellner, Solutions Architect, MongoDB
Schema design is as much art as it is science, but it is central to understanding how to get the most out of MongoDB. Attendees will walk away with an understanding of how to approach schema design, what influences it, and the science behind the art. After this session, attendees will be ready to design new schemas, as well as re-evaluate existing schemas with a new mental model.
Enterprise guide to building a Data MeshSion Smith
Making Data Mesh simple, Open Source and available to all; without vendor lock-in, without complex tooling and to use an approach centered around ‘specifications’, existing tools and baking in a ‘domain’ model.
Off-Label Data Mesh: A Prescription for Healthier DataHostedbyConfluent
"Data mesh is a relatively recent architectural innovation, espoused as one of the best ways to fix analytic data. We renegotiate aged social conventions by focusing on treating data as a product, with a clearly defined data product owner, akin to that of any other product. In addition, we focus on building out a self-service platform with integrated governance, letting consumers safely access and use the data they need to solve their business problems.
Data mesh is prescribed as a solution for _analytical data_, so that conventionally analytical results (think weekly sales or monthly revenue reports) can be more accurately and predictably computed. But what about non-analytical business operations? Would they not also benefit from data products backed by self-service capabilities and dedicated owners? If you've ever provided a customer with an analytical report that differed from their operational conclusions, then this talk is for you.
Adam discusses the resounding successes he has seen from applying data mesh _off-label_ to both analytical and operational domains. The key? Event streams. Well-defined, incrementally updating data products that can power both real-time and batch-based applications, providing a single source of data for a wide variety of application and analytical use cases. Adam digs into the common areas of success seen across numerous clients and customers and provides you with a set of practical guidelines for implementing your own minimally viable data mesh.
Finally, Adam covers the main social and technical hurdles that you'll encounter as you implement your own data mesh. Learn about important data use cases, data domain modeling techniques, self-service platforms, and building an iteratively successful data mesh."
Building Social Enterprise with Ruby and SalesforceRaymond Gao
This was my presentation at the Oct 4th, Dallas Ruby Brigade night. It covers Lean Methodology and using DatabaseDotCom and Ruby
Source Code
https://github.com/raygao/DallasRubyPresentation
As You Seek – How Search Enables Big Data AnalyticsInside Analysis
The Briefing Room with Robin Bloor and MarkLogic
Live Webcast on June 18, 2013
http://www.insideanalysis.com
The heart and soul of Big Data Analytics revolves around search. That's why we keep hearing about NoSQL database vendors aligning themselves with third-party search engines. Because these purpose-built database engines do not leverage the Structured Query Language, search is the means by which valuable insights are gleaned from them. But bolted-on search engines typically don't offer the kind of deep functionality that built-in engines can.
Register for this episode of The Briefing Room to hear veteran Analyst Dr. Robin Bloor explain how search functionality provides a window into the possibilities for Big Data Analytics. He'll be briefed by David Gorbet of MarkLogic who will tout his company's object database offering, which boasts more than 10 years of use in production. He'll discuss how search can be used to expose relationships in Big Data and thus help generate insights. He'll also provide details on MarkLogic's enterprise-caliber capabilities, such as ACID compliance, its SQL interface, and where semantics fit in the roadmap.
Amundsen: From discovering to security datamarkgrover
Hear about how Lyft and Square are solving data discovery and data security challenges using a shared open source project - Amundsen.
Talk details and abstract:
https://www.datacouncil.ai/talks/amundsen-from-discovering-data-to-securing-data
Redis + Structured Streaming—A Perfect Combination to Scale-Out Your Continuo...Databricks
"Continuous applications" supported by Apache Spark's Structured Streaming API enable real-time decision making in the areas such as IoT, AI, fraud mitigation, personalized experience, etc. All continuous applications have one thing in common: they collect data from various sources (devices in IoT, for example), process them in real-time (example: ETL), and deliver them to machine learning serving layer for decision making. Continuous applications face many challenges as they grow to production. Often, due to the rapid increase in the number devices or end-users or other data sources, the size of their data set grows exponentially. This results in a backlog of data to be processed. The data will no longer be processed in near-real-time. Redis, the open-source, in-memory database offers many options to handle this situation in a cost-effective manner. First and foremost, you could insert Redis into an existing continuous application without disrupting its architecture, and with minimal code changes. Redis, being in-memory, allows over a million writes per second with sub-millisecond latency. The Redis Stream data structure enables you to collect both binary and text data in the time series format. The consumer groups of Redis Stream help you match the data processing rate of your continuous application with the rate of data arrival from various sources. In this session, I will perform a live demonstration of how to integrate a continuous application using Apache Spark's Structured Streaming API with open source Redis. I will also walk through the code, and run a live IoT continuous application.
Speaker: Roshan Kumar
Similar to Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors (20)
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
1. Started From the Bottom: Exploiting Data Sources to Uncover ATT&CK® Behaviors
Jose Rodriguez @Cyb3rPandaH
Jamie Williams @jamieantisocial
MITRE ATT&CK @MITREattack
2. Agenda
● Data sources?
● Are ATT&CK data sources sufficient for security operations?
● Any opportunities for ATT&CK data sources improvement?
● How can we enhance current data sources?
● How do these concepts apply to ATT&CK?
● Data-driven hunt experiment
6. Threat modeling
• Exploit Public-Facing Application
• Rundll32
• Service Execution
• Regsvr32
• Windows Command Shell
7. Threat modeling
• Exploit Public-Facing Application
• Rundll32
• Service Execution
• Regsvr32
• Windows Command Shell
• Match Legitimate Name or Location
• Scheduled Task
• COR_PROFILER
• Windows Service
• Modify Registry
• …
8. Threat modeling++
• Exploit Public-Facing Application
• Rundll32
• Service Execution
• Regsvr32
• Windows Command Shell
• Match Legitimate Name or Location
• Scheduled Task
• COR_PROFILER
• Windows Service
• Modify Registry
• …
14. Data source
Source of information collected by a sensor or logging system that may be used to collect information relevant to identifying the action being performed, sequence of actions, or the results of those actions by an adversary.
• DLL monitoring
• Process monitoring
• Netflow
• Windows event logs
• File monitoring
• …
16. How data sources support this process?
[Diagram labels: Adversary Behavior, Modeling Threat Actor, Telemetry, Data Sources, Identifying Relevant Data]
17. Data Sources
[Diagram: Threat Actor Model – Data Perspective. Entities: Command, Process, Port, Ip, dll. Relationships: Created, Executed, Connected to, Loaded]
Relevant Data
• What data are we generating?
• What data are we collecting?
Effective Detection Strategy
Data sources:
• Process command-line parameters
• Process monitoring
• Netflow
• Windows event logs
• File monitoring
Event logs:
• Sysmon 3: Network Connection
• Sysmon 7: Image Loaded
• PowerShell 4104: Script Block Logging
• Security 4624: Successful Logon
• Zeek Conn Log: TCP/UDP/ICMP
• Osquery: Process_events
How data sources support this process?
19. Any opportunities for ATT&CK data sources improvement?
https://screenrant.com/lord-rings-movies-gandalf-staffs-grey-white-explained/
20. Some opportunities for improvement are:
• Lack of context
• Redundancy and overlapping
• Too broad scope
https://www.pinterest.com/pin/535013630705243890/
21. Opportunity: Lack of context
More context will help to map ATT&CK data sources to event logs
Process Monitoring?
• Sysmon 1: Process Creation
• Sysmon 3: Network Connection
• Sysmon 5: Process Terminated
• Sysmon 8: Create Remote Thread
• Sysmon 10: Process Access
24. How can we enhance current ATT&CK data sources?
https://lotr.fandom.com/wiki/Gandalf
25. Enter data modeling!!
A data model is a collection of concepts for organizing data elements and standardizing how they relate to one another.
26. How to identify data elements and relationships?
A data dictionary describes a single event log and its corresponding event field names.
27. Documenting event logs via data dictionaries
Module: Process loaded dll (Sysmon 7, Image Loaded)
| Field | Type | Description | Sample Value |
|---|---|---|---|
| Process Guid | String | Process Guid of the process that loaded the image | {A98268C1-A12A-5ACD-0000-0010E4C8B300} |
| Process Id | Integer | Process ID used by the OS to identify the process that loaded the image | 3532 |
| Image | String | File path of the process that loaded the image | C:\Windows\System32\cmd.exe |
| Image Loaded | String | Full path of the image loaded | C:\Windows\System32\msvcrt.dll |
| Description | String | Description of the image loaded | Windows NT CRT DLL |
28. Documenting data sources via data dictionaries
Module
• Relationship: Process loaded dll
• Event log: Sysmon 7 (Image Loaded)
• Data fields: ProcessGuid, ProcessId, Image, ImageLoaded, Product, Description, Signed, Signature, SignatureStatus
Process
• Relationships: Process connected to Ip, Process connected to Port, User connected to Ip, User connected to Port
• Event log: Sysmon 3 (Network Connection)
• Data fields: ProcessGuid, ProcessId, Image, User, Protocol, SourceIp, SourcePort, DestinationIp, DestinationPort
• Relationship: Process wrote to Process
• Event log: Sysmon 8 (Create Remote Thread)
• Data fields: SourceProcessGuid, SourceProcessId, SourceImage, TargetProcessGuid, TargetProcessId, TargetImage, StartModule, StartFunction
File
• Relationship: Process created File
• Event log: Sysmon 11 (File Create)
• Data fields: ProcessGuid, ProcessId, Image, TargetFileName, CreationUtcTime
30. Adding metadata to ATT&CK data sources
Data Sources: Process
Components: Process Network Connection, Process Creation, Process Modification, Process Access
Relationships: Process created Process, User created Process, Process connected to Ip, User connected to Ip, Process wrote to Process, Process opened Process
Event Logs: Sysmon 1 (Process Creation), Sysmon 3 (Network Connection), Sysmon 8 (Create Remote Thread), Sysmon 10 (Process Access), Security 4688 (Process Created), Security 5156 (Connection Permitted)
31. Identifying relevant data via data sources objects
Data sources: API, Auth. logs, Process, Module, Netflow, File, Windows event logs
• Sysmon 7 (Image Loaded), data fields: ProcessGuid, ProcessId, Image, ImageLoaded, Product, Description, Signed, Signature, SignatureStatus
• Sysmon 3 (Network Connection), data fields: ProcessGuid, ProcessId, Image, User, Protocol, SourceIp, SourcePort, DestinationIp, DestinationPort
• Sysmon 8 (Create Remote Thread), data fields: SourceProcessGuid, SourceProcessId, SourceImage, TargetProcessGuid, TargetProcessId, TargetImage, StartModule, StartFunction
• Sysmon 11 (File Create), data fields: ProcessGuid, ProcessId, Image, TargetFileName, CreationUtcTime
32. Identifying relevant data via data sources objects
Identify coverage and gaps
Data sources: ?, ?, API, Auth. logs, Process, Module, Netflow, File, Windows event logs, Windows event logs
• Sysmon 7 (Image Loaded), data fields: ProcessGuid, ProcessId, Image, ImageLoaded, Product, Description, Signed, Signature, SignatureStatus
• Sysmon 3 (Network Connection), data fields: ProcessGuid, ProcessId, Image, User, Protocol, SourceIp, SourcePort, DestinationIp, DestinationPort
• Sysmon 8 (Create Remote Thread), data fields: SourceProcessGuid, SourceProcessId, SourceImage, TargetProcessGuid, TargetProcessId, TargetImage, StartModule, StartFunction
• Sysmon 11 (File Create), data fields: ProcessGuid, ProcessId, Image, TargetFileName, CreationUtcTime
34. A basic detection research process
1. Research goal definition
2. Initial detection modeling
3. Adversary simulation
4. Detection model definition
5. Detection model validation
6. Documentation & communication
36. 1. Research goal: COR_PROFILER
• Creation of malicious dll
• Use of wmic.exe
• Modification of the registry to set environment variable
• Load of dll through .NET processes
Where will we find this, and more, data?
37. 2. Initial detection modeling: COR_PROFILER
| Environment Activity | Data Sources | Data Components | Relationships | Event Logs |
|---|---|---|---|---|
| Creation of malicious dll | File | File creation | Process created File | Sysmon 11 (File Creation) |
| Use of wmic.exe | Process | Process creation | User created Process; Process created Process | Sysmon 1 (Process Creation) |
| Modification of the registry to set environment variable | Windows Registry | Windows registry key modification | Process modified Registry Key Value | Sysmon 13 (Registry Value Set) |
| Load of dll through .NET processes | Module | module load | Process loaded dll | Sysmon 7 (Image Loaded) |
39. 4. Detection model: Persistence & COR_PROFILER
[Diagram: Data Model. Entities: User, Process, File, Registry Key Value, dll. Relationships: creates, modifies, loads. Phases: Before reboot, After reboot]
Environment Activity: Creation of malicious dll; Use of wmic.exe; Modification of the registry to set environment variable; Load of dll through .NET processes
40. 4. Detection model: COR_PROFILER
Event logs: Sysmon 13 (Registry Value Set), Sysmon 1 (Process Creation)
Environment Activity: Creation of malicious dll; Use of wmic.exe; Modification of the registry to set environment variable; Load of dll through .NET processes
42. 4. Detection model: CMD.EXE ParentProcess
cmd.exe also has more child processes
43. 4. Detection model: COR_PROFILER (Before Rebooting)
[Diagram: Data Model with Simulation Data]
• Processes: cmd.exe, wmic.exe, wmiprvse.exe, reg.exe
• Relationships: creates, modifies
• Registry Entry: Inprocserver32, CLSID {11111111-1111-1111-1111-1111deadbeef}, e0b3489da74f.dll
• Environment Variable: COR_ENABLING_PROFILING
• Environment Variable: COR_PROFILER, CLSID {11111111-1111-1111-1111-1111deadbeef}
Environment Activity: Creation of malicious dll; Use of wmic.exe; Modification of the registry to set environment variable; Load of dll through .NET processes
44. 4. Detection model: COR_PROFILER (Before Rebooting)
[Diagram: Data Model with Adversary Behavior]
• Entities: process (four nodes)
• Relationships: creates, modifies
• Simulation data: Registry Entry Inprocserver32, CLSID {11111111-1111-1111-1111-1111deadbeef}, e0b3489da74f.dll; Environment Variable COR_ENABLING_PROFILING; Environment Variable COR_PROFILER, CLSID {11111111-1111-1111-1111-1111deadbeef}
• Adversary behavior: registry key value Inprocserver32, CLSID {XXX-XXX-XXX-XXX-XXX}; registry key value COR_ENABLING_PROFILING; registry key value COR_PROFILER, CLSID {XXX-XXX-XXX-XXX-XXX}
Environment Activity: Creation of malicious dll; Use of wmic.exe; Modification of the registry to set environment variable; Load of dll through .NET processes
46. 4. Detection model: COR_PROFILER (Before Rebooting)
Data Analytic
• dll registered using inprocserver and CLSID
• COR_PROFILER environment variable configured with same CLSID
48. After a nice weekend...
https://wifflegif.com/tags/67564-bombur-gifs
49. 4. Detection model: e0b3489da74f.DLL load
Event log: Sysmon 7 (Image Loaded)
Environment Activity: Creation of malicious dll; Use of wmic.exe; Modification of the registry to set environment variable; Load of dll through .NET processes
51. 4. Detection model: Persistence & COR_PROFILER
[Diagram: Data Model, Adversary Behavior]
• Before Reboot: process nodes linked by creates and modifies to: registry key value Inprocserver32, CLSID {XXX-XXX-XXX-XXX-XXX}; dll; registry key value COR_ENABLING_PROFILING; registry key value COR_PROFILER, CLSID {XXX-XXX-XXX-XXX-XXX}
• After Reboot: process loads dll
53. 4. Detection model: COR_PROFILER (After Reboot)
Data Analytic
• dll registered using inprocserver and CLSID
• COR_PROFILER environment variable configured with same CLSID
• dll loaded after reboot
54. 4. Detection model : COR_PROFILER (After Rebooting)
Data Analytic Results
57. 4. Detection model: Visual Studio 2019 (victim)
What else does the victim process do?
58. 4. Detection model: Persistence & COR_PROFILER
[Diagram: Data Model, Adversary Behavior]
• Before Reboot: process nodes linked by creates and modifies to: registry key value Inprocserver32, CLSID {XXX-XXX-XXX-XXX-XXX}; dll; registry key value COR_ENABLING_PROFILING; registry key value COR_PROFILER, CLSID {XXX-XXX-XXX-XXX-XXX}
• After Reboot: process loads dll; process creates process; process connects to ip
60. 4. Detection model: COR_PROFILER (After Reboot)
Data Analytic
• dll registered using inprocserver and CLSID
• COR_PROFILER environment variable configured with same CLSID
• dll loaded after reboot
• Child process of process that loaded dll
• Child process making a network connection
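An added example (not code from the slides or from the presenters' tooling) that walks the five-step analytic listed above over constructed Sysmon-style events, joining registry, image-load, process-creation and network events on CLSID, DLL path and ProcessGuid. Field names follow Sysmon's event schema; the DLL name, CLSID, IP address and process names are the slides' simulation values, while the registry paths, DLL directory, ProcessGuid values and the function name `hunt` are assumptions. It uses the CLR's variable name COR_ENABLE_PROFILING (labelled COR_ENABLING_PROFILING on the slides) and ignores timestamps, so the "after reboot" ordering is not checked.

```python
import re

# Constructed Sysmon-style events. Field names follow Sysmon; the DLL name, CLSID, IP
# and process names are the slides' simulation values; paths, hives, GUIDs are made up.
CLSID = "{11111111-1111-1111-1111-1111deadbeef}"
DLL = r"C:\Users\Public\e0b3489da74f.dll"
EVENTS = [
    {"EventID": 13, "Image": "reg.exe", "Details": DLL,
     "TargetObject": r"HKU\S-1-5-21-0_Classes\CLSID\%s\InprocServer32\(Default)" % CLSID},
    {"EventID": 13, "Image": "wmiprvse.exe", "Details": "1",
     "TargetObject": r"HKU\S-1-5-21-0\Environment\COR_ENABLE_PROFILING"},
    {"EventID": 13, "Image": "wmiprvse.exe", "Details": CLSID,
     "TargetObject": r"HKU\S-1-5-21-0\Environment\COR_PROFILER"},
    {"EventID": 7, "ProcessGuid": "{p-1}", "Image": "powershell.exe", "ImageLoaded": DLL},
    {"EventID": 7, "ProcessGuid": "{p-2}", "Image": "cmd.exe",
     "ImageLoaded": r"C:\Windows\System32\msvcrt.dll"},
    {"EventID": 1, "ProcessGuid": "{p-3}", "Image": "regsvr32.exe", "ParentProcessGuid": "{p-1}"},
    {"EventID": 3, "ProcessGuid": "{p-3}", "Image": "regsvr32.exe", "DestinationIp": "151.101.208.133"},
    {"EventID": 3, "ProcessGuid": "{p-2}", "Image": "cmd.exe", "DestinationIp": "192.0.2.10"},
]

INPROC = re.compile(r"\\CLSID\\(\{[0-9a-f-]+\})\\InprocServer32\\", re.I)
ENVVAR = re.compile(r"\\Environment\\COR_PROFILER$", re.I)

def hunt(events):
    """Walk the chain: registry (13) -> image load (7) -> child (1) -> connection (3)."""
    def of(event_id):
        return [e for e in events if e["EventID"] == event_id]
    # 1. dll registered using InprocServer32 and a CLSID (CLSID -> dll path)
    registered = {m.group(1).lower(): e["Details"].lower()
                  for e in of(13) if (m := INPROC.search(e["TargetObject"]))}
    findings = []
    for env in of(13):
        # 2. COR_PROFILER environment variable configured with the same CLSID
        dll = registered.get(env["Details"].lower())
        if not ENVVAR.search(env["TargetObject"]) or dll is None:
            continue
        for load in of(7):                       # 3. the registered dll is loaded
            if load["ImageLoaded"].lower() != dll:
                continue
            for child in of(1):                  # 4. the loader spawns a child process
                if child["ParentProcessGuid"] != load["ProcessGuid"]:
                    continue
                for conn in of(3):               # 5. the child makes a network connection
                    if conn["ProcessGuid"] == child["ProcessGuid"]:
                        findings.append({"set_by": env["Image"], "dll": dll,
                                         "loader": load["Image"], "child": child["Image"],
                                         "dst": conn["DestinationIp"]})
    return findings
```

The unrelated msvcrt.dll load and the cmd.exe connection in the sample produce no finding, because neither joins back to a CLSID that COR_PROFILER points at.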
62. 5. Detection model: Persistence & COR_PROFILER
regsvr32.exe connected to 151.101.208.133 after being spawned by a powershell.exe that loaded e0b3489da74f.dll due to COR_PROFILER environment variables set by wmiprvse.exe and reg.exe
63. 6. Documentation and communication
[Diagram: Data Model]
• Before Reboot: process nodes linked by creates and modifies to: registry key value Inprocserver32, CLSID {XXX-XXX-XXX-XXX-XXX}; dll; registry key value COR_ENABLING_PROFILING; registry key value COR_PROFILER, CLSID {XXX-XXX-XXX-XXX-XXX}
• After Reboot: process loads dll; process creates process; process connects to ip
64. 6. Documentation and communication
[Diagram: Data Model]
• Before Reboot: process nodes linked by creates and modifies to: registry key value Inprocserver32, CLSID {XXX-XXX-XXX-XXX-XXX}; dll; registry key value COR_ENABLING_PROFILING; registry key value COR_PROFILER, CLSID {XXX-XXX-XXX-XXX-XXX}
• After Reboot: process loads dll; process creates process; process connects to ip
Behavior Context
65. Conclusion
• Modeling data sources can provide more context
• We can use this enhanced understanding of data sources and their relationships to more effectively uncover ATT&CK behaviors
66. Contact info and relevant links
Jose Rodriguez @Cyb3rPandaH
Jamie Williams @jamieantisocial
MITRE ATT&CK @MITREattack
• attack.mitre.org
• redcanary.com/blog/blue-mockingbird-cryptominer/
• redcanary.com/blog/cor_profiler-for-persistence/
• 3gstudent.github.io/3gstudent.github.io/Use-CLR-to-maintain-persistence/
• github.com/redcanaryco/atomic-red-team
• github.com/Cyb3rWard0g/HELK
• github.com/OTRF/OSSEM
• github.com/OTRF/Mordor
• mitre.org/sites/default/files/publications/pr-19-3892-ttp-based-hunting.pdf