Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.
This was presented at DDD Melbourne, which is a shortened version of this presentation.
Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019kieranjacobsen
Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.
Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.
DNS is one of the fastest growing attack vectors and current security solutions don’t address DNS threats. Infoblox Advanced DNS Protection is a self-protecting DNS appliance that provides defense against widest range of attacks – enabling you to automatically defend your business from DNS threats.
DNS is critical network infrastructure and securing it against attacks like DDoS, NXDOMAIN, hijacking and Malware/APT is very important to protecting any business.
This presentation covers the current status of TLS 1.3 in the wolfSSL embedded TLS library (as of the time it was presented). It talks about the Draft status of TLS 1.3, middlebox compatibility, extensions, RSA-PSS negotiation and the specification's progress in the TLSWG (TLS Working Group).
www.wolfssl.com
www.wolfssl.com/tls13
Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019kieranjacobsen
Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.
Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.
DNS is one of the fastest growing attack vectors and current security solutions don’t address DNS threats. Infoblox Advanced DNS Protection is a self-protecting DNS appliance that provides defense against widest range of attacks – enabling you to automatically defend your business from DNS threats.
DNS is critical network infrastructure and securing it against attacks like DDoS, NXDOMAIN, hijacking and Malware/APT is very important to protecting any business.
This presentation covers the current status of TLS 1.3 in the wolfSSL embedded TLS library (as of the time it was presented). It talks about the Draft status of TLS 1.3, middlebox compatibility, extensions, RSA-PSS negotiation and the specification's progress in the TLSWG (TLS Working Group).
www.wolfssl.com
www.wolfssl.com/tls13
F5 and Infoblox deliver complete secured DNS infrastructureDSorensenCPR
F5 and Infoblox have partnered to develop a solution to simplify and speed deployment of the Domain Name System Security Extensions (DNSSEC). F5 and Infoblox together deliver the market’s only fully integrated and complete DNSSEC solution including high-performance DNS and GSLB functions, all supporting signed DNSSEC data. This provides customers a scalable, manageable, and secure DNS infrastructure that is equipped to withstand DNS attacks. The solution is a combination of Infoblox’s purpose-built appliances that deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, and F5 BIG-IP Global Traffic Manager appliances optimized with hardware acceleration facilitating real-time signing of DNSSEC signature queries.
Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is currently required to run power-on self tests when loaded, but security of the module can be taken one step further by validating the module inside a secure enclave, such as Intel SGX.
wolfSSL has been working on FIPS 140-2 validating the wolfCrypt library running inside an Intel SGX enclave. This session will discuss the advantages, challenges, and process of FIPS 140-2 validating a cryptographic software module inside Intel SGX and how the same process could be applied to other secure enclave environments.
The wolfSSL lightweight SSL/TLS library now includes TLS 1.3 support. This slide deck, from a seminar given in Tokyo, Japan, covers the differences in TLS 1.3 and what wolfSSL currently supports.
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
Zero Day Malware Detection/Prevention Using Open Source Software – Proof of Concept
Fathi Kamil Mohad Zainuddin
Senior Analyst (Malware Research Centre, MyCERT)
Umbrella for MSPs: Enterprise Grade Malware Protection & ContainmentOpenDNS
During IT Nation 2013, MSP Product Manager Dima Kumets presented this breakout session, sharing how Umbrella for MSPs can decrease costs, increase revenue, and improve customer retention.
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDSorensenCPR
This slideshow gives an overview of how F5's BIG-IP Application Delivery Controllers protect customers' DNS infrastructure against various attacks by implementing a unique dynamic security signing policy.
This session will provide insight into highly disruptive breaches that MANDIANT investigated over the past year. It describes how threat actors have destroyed system infrastructure and taken companies offline for weeks. The threat actors are split into two categories for this talk and focused on the SHAMOON cases. I will also talk about highlights from Incident Response cases of 2017. Financially motivated vs Non Financially motivated. I will talk about how recent attacks with SHAMOON differ - their motives compared to financially motivated threat actors. Highlights from a couple of 2017 IRs - Overview of TTPs of the important State Sponsored Attacks seen in 2017.
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
As presented at LinuxCon/ContainerCon 2016:
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and anti-malware agents. Unfortunately, those techniques introduce performance and management challenges when used at large VM densities, and may not work well with containerized applications.
Fortunately, the Xen Project community has collaborated to create a solution which reduces the potential of success associated with rootkit attack vectors. When combined with recent advancements in processor capabilities, and secure development models for container deployment, it’s possible to both protect against and be proactively alerted to potential zero-day attacks. In this session, we’ll cover models to limit the scope of compromise should an attack be mounted against your infrastructure. Two attack vectors will be illustrated, and we’ll see how it’s possible to be proactively alerted to potential zero-day actions without requiring significant reconfiguration of your datacenter environment.
Technology elements explored include those from Black Duck, Bitdefender, Citrix, Intel and Guardicore.
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupmichaelxin2015
We now live in a world where individuals or groups of individuals hold the same destructive power that only nation states once held. For as little as a couple of dollars an hour, fortune 500 companies and even nation states have been wiped off the Internet. The emergence of professional DDoS services is changing the threat landscape of the Internet once again. We'll take a look at DDoS tools and services and what we can do to combat them.
DefCon 25 - The Key Management Facility of the Root Zone DNSSEC KSKPunky Duero
This presentation was delivered during DefCon 25 at the Crypto Village. It provides a reminder and timeline of the KSK Rollover, a tour of the Key Management Facility and an overview of the Key Ceremonies.
Ведущий: Терренс Гаро
В докладе рассказывается о том, как создать ханипот (ловушку) и организовать сервис с обновляемыми данными о попавшихся DDoS-ботах с помощью Kibana, Elasticsearch, Logstash и AMQP. Докладчик откроет исходный код системы мониторинга и сбора внешней статистики DDoS-атак, над которой он работал со своей командой последние два года.
Slides about DDoS detection tool. IPFIX, sFlow, Netflow support. Instant detection. Complete API and command line tools.
Free trial: https://fastnetmon.com/trial/
Having been a Penetration Tester for the last 15+ years I have seen many environments and technologies. I have had the pleasure / hell of testing systems I’ve never even heard of and the agony of defeat on a major scale. Instead of just going over the what we used to work our way in, I want to go over the tricks the BLUE team used to keep us out! We will go over the technologies and techniques that have turned our traditional paths to root from minutes to months and the tricks that got us “caught” along the way. Not all pentests are a dream and the nightmares CAN / DO happen. So, let’s talk about how YOUR environment can become an attackers worst nightmare instead of their favorite playground
F5 and Infoblox deliver complete secured DNS infrastructureDSorensenCPR
F5 and Infoblox have partnered to develop a solution to simplify and speed deployment of the Domain Name System Security Extensions (DNSSEC). F5 and Infoblox together deliver the market’s only fully integrated and complete DNSSEC solution including high-performance DNS and GSLB functions, all supporting signed DNSSEC data. This provides customers a scalable, manageable, and secure DNS infrastructure that is equipped to withstand DNS attacks. The solution is a combination of Infoblox’s purpose-built appliances that deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, and F5 BIG-IP Global Traffic Manager appliances optimized with hardware acceleration facilitating real-time signing of DNSSEC signature queries.
Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is currently required to run power-on self tests when loaded, but security of the module can be taken one step further by validating the module inside a secure enclave, such as Intel SGX.
wolfSSL has been working on FIPS 140-2 validating the wolfCrypt library running inside an Intel SGX enclave. This session will discuss the advantages, challenges, and process of FIPS 140-2 validating a cryptographic software module inside Intel SGX and how the same process could be applied to other secure enclave environments.
The wolfSSL lightweight SSL/TLS library now includes TLS 1.3 support. This slide deck, from a seminar given in Tokyo, Japan, covers the differences in TLS 1.3 and what wolfSSL currently supports.
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
Zero Day Malware Detection/Prevention Using Open Source Software – Proof of Concept
Fathi Kamil Mohad Zainuddin
Senior Analyst (Malware Research Centre, MyCERT)
Umbrella for MSPs: Enterprise Grade Malware Protection & ContainmentOpenDNS
During IT Nation 2013, MSP Product Manager Dima Kumets presented this breakout session, sharing how Umbrella for MSPs can decrease costs, increase revenue, and improve customer retention.
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDSorensenCPR
This slideshow gives an overview of how F5's BIG-IP Application Delivery Controllers protect customers' DNS infrastructure against various attacks by implementing a unique dynamic security signing policy.
This session will provide insight into highly disruptive breaches that MANDIANT investigated over the past year. It describes how threat actors have destroyed system infrastructure and taken companies offline for weeks. The threat actors are split into two categories for this talk and focused on the SHAMOON cases. I will also talk about highlights from Incident Response cases of 2017. Financially motivated vs Non Financially motivated. I will talk about how recent attacks with SHAMOON differ - their motives compared to financially motivated threat actors. Highlights from a couple of 2017 IRs - Overview of TTPs of the important State Sponsored Attacks seen in 2017.
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
As presented at LinuxCon/ContainerCon 2016:
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and anti-malware agents. Unfortunately, those techniques introduce performance and management challenges when used at large VM densities, and may not work well with containerized applications.
Fortunately, the Xen Project community has collaborated to create a solution which reduces the potential of success associated with rootkit attack vectors. When combined with recent advancements in processor capabilities, and secure development models for container deployment, it’s possible to both protect against and be proactively alerted to potential zero-day attacks. In this session, we’ll cover models to limit the scope of compromise should an attack be mounted against your infrastructure. Two attack vectors will be illustrated, and we’ll see how it’s possible to be proactively alerted to potential zero-day actions without requiring significant reconfiguration of your datacenter environment.
Technology elements explored include those from Black Duck, Bitdefender, Citrix, Intel and Guardicore.
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupmichaelxin2015
We now live in a world where individuals or groups of individuals hold the same destructive power that only nation states once held. For as little as a couple of dollars an hour, fortune 500 companies and even nation states have been wiped off the Internet. The emergence of professional DDoS services is changing the threat landscape of the Internet once again. We'll take a look at DDoS tools and services and what we can do to combat them.
DefCon 25 - The Key Management Facility of the Root Zone DNSSEC KSKPunky Duero
This presentation was delivered during DefCon 25 at the Crypto Village. It provides a reminder and timeline of the KSK Rollover, a tour of the Key Management Facility and an overview of the Key Ceremonies.
Ведущий: Терренс Гаро
В докладе рассказывается о том, как создать ханипот (ловушку) и организовать сервис с обновляемыми данными о попавшихся DDoS-ботах с помощью Kibana, Elasticsearch, Logstash и AMQP. Докладчик откроет исходный код системы мониторинга и сбора внешней статистики DDoS-атак, над которой он работал со своей командой последние два года.
Slides about DDoS detection tool. IPFIX, sFlow, Netflow support. Instant detection. Complete API and command line tools.
Free trial: https://fastnetmon.com/trial/
Having been a Penetration Tester for the last 15+ years I have seen many environments and technologies. I have had the pleasure / hell of testing systems I’ve never even heard of and the agony of defeat on a major scale. Instead of just going over the what we used to work our way in, I want to go over the tricks the BLUE team used to keep us out! We will go over the technologies and techniques that have turned our traditional paths to root from minutes to months and the tricks that got us “caught” along the way. Not all pentests are a dream and the nightmares CAN / DO happen. So, let’s talk about how YOUR environment can become an attackers worst nightmare instead of their favorite playground
Security Vulnerabilities: How to Defend Against ThemMartin Vigo
In recent years it became the norm to wake up to news about hackers, cyber attacks, ransom campaigns and NSA. Since 2003 the Open Web Application Security Project (OWASP) is the go-to reference to learn more about security vulnerabilities. OWASP published a list of the Top 10 most common security issues for Web.
In this talk, we will review the list to learn the details and discuss how to harden and defend our Web applications from those vulnerabilities. If you care about your product and customer's data, want to become a better developer or are simply interested in the kind of cyber attacks delinquents use to compromise websites, this talk is for you.
HKG15-407: EME implementation in Chromium: Linaro Clear Key Linaro
HKG15-407: EME implementation in Chromium: Linaro Clear Key
---------------------------------------------------
Speaker: Matt Snoby
Date: February 12, 2015
---------------------------------------------------
★ Session Summary ★
An example of a key system from a Clear Key point of view. Linaro implemented a sample CDM plugin for Chromium capable to exercise the EME implementation of the browser. The presentation gives an insight to the EME/CDM implementation in Chromium and the guidelines to integrating various DRM systems. We will present call flows with example classes, experiences learned, and example of things to watch out for.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250835
Video: https://www.youtube.com/watch?v=dJqCbTfKrMk
Etherpad: http://pad.linaro.org/p/hkg15-407
Also see: http://www.slideshare.net/linaroorg/hkg15407-eme-implementation-in-chromium-linaro-clear-key
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
Security Information and Event Management with Kafka, Kafka Connect, KSQL and...confluent
Security Information and Event Management with Kafka, Kafka Connect, KSQL and Logstash, Jason Bell, Kafka DevOps Engineer at Digitalis
Meetup Link: https://www.meetup.com/Amsterdam-Kafka-Meetup/events/276716115/
Percona Live 2021 - MongoDB Security FeaturesJean Da Silva
When we speak about security, the actual reality is that companies need to comply with multiples frameworks and regulations, and assessing which rules apply to each organization is no easy feat.
Over the talk, we will revisit the security feature we can implement in the #MongoDB environment. The aim is to provide further information on what you can use to help your company with future security implementations.
The topics presented will be:
* Authentication
* Authorization
* TLS/SSL
* External Authentication
* Auditing
* Log Redaction
* Encryption – Data at Rest and Client Field Encryption.
Speaker: Jean da Silva – Percona
Will St. Clair: AWS San Francisco Startup Day, 9/7/17
Operations: Security Crash Course & Best Practices! All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
Cloud computing transforms the way we can store, process and share our data. New applications and workloads are growing rapidly, which brings every day more sensitive data into the conversation about risk and what constitutes natural targets for bad actors. This presentation reflects on current best practices to address the most significant security concerns for sensitive data in the cloud, and offers participants a list of steps to achieve enterprise-grade safety with MongoDB deployments among the expanding service provider options.
Developer's Guide to JavaScript and Web CryptographyKevin Hakanson
The increasing capabilities and performance of the web platform allow for more feature-rich user experiences. How can JavaScript based applications utilize information security and cryptography principles? This session will explore the current state of JavaScript and Web Cryptography. We will review some basic concepts and definitions, discuss the role of TLS/SSL, show some working examples that apply cryptography to real-world use cases and take a peek at the upcoming W3C WebCryptoAPI. Code samples will use CryptoJS in the browser and the Node.js Crypto module on the server. An extended example will secure the popular TodoMVC project using PBKDF2 for key generation, HMAC for data integrity and AES for encryption.
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEric Vanderburg
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "Eradicate the Bots in the Belfry" at the Information Security Summit.
Microsoft has provided an almost unlimited number of ways for you to securely deploy Azure resources; but people continue to make simple mistakes. In 2017 many organisations had breaches due to poor cloud deployment practices.
In this session, you’ll learn how to use Azure Resource Manager (ARM) templates to deploy resources in a secure manner. This session will look at Azure Storage, App Services, SQL, Virtual Machines and Virtual Networks. I'll discuss the costs, benefits and trade-offs of different design patterns and how you can secure your deployment pipelines.
Ransomware made headlines in 2017, with attacks shutting down the UK's NHS and costing Maersk shipping over $300m in lost revenue. Ransomware is a massive business for cybercriminals, driving the cost of bitcoin from $1200 to over $7000 per coin. We often see ransomware as some unbeatable force, however with some common sense controls and simple tricks, the damage can be reduced or even stopped. Join Kieran to learn some simple, free steps you can do to stop ransomware in its tracks.
The truth is that money can’t buy security just as it cannot buy happiness. Ransomware has become a cybercriminal’s most profitable enterprise, and something that IT professionals and even the general public now fear. Ransomware is actually pretty simple and unsophisticated code, and at times the damage can stopped with some simple tricks. Best of all, these are FREE!
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
Infrastructure Saturday - Level Up to DevSecOpskieranjacobsen
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
The IT industry has experienced rapid change and consolidation. The introduction of Cloud, Agile, DevOps and shortages in skilled staff have created immense pressure on enterprise IT teams. Organisations are concerned about the costs of data breaches, and need to act to ensure they do not become the next Yahoo, OPM or Target.
DevSecOps (or SecDevOps) integrates development, security and operations teams together to encourage faster decision making and reduce issue resolution times.
This session will cover the current state of DevOps, and how DevSecOps can help integrate pathways between teams to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrate security into our infrastructure and software deployment processes.
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
Evolving your automation with hybrid workerskieranjacobsen
Azure Automation wants you to automate everything, everywhere. Hybrid Workers allow Azure Automation to reach new places within your infrastructure, allowing for more automation and less complexity. This session covers the basics of Hybrid Workers before looking at balancing workloads, managing resource dependencies, integrating with web hooks and monitoring job execution. The is a great session for anyone who is automating infrastructure or cloud resources.
Global Azure Bootcamp 2016 - Azure Automation Invades Your Data Centrekieranjacobsen
Azure Automation wants you to automate everything, everywhere. Hybrid Workers allow Azure Automation to reach new places within your infrastructure, allowing for more automation and less complexity. Learn how to deploy Hybrid Workers, balance automation workloads across groups of workers, trigger jobs off via web hooks, monitor jobs, remove scheduled tasks and much more.
Azure Automation wants you to automate everything, everywhere. Hybrid Workers allow Azure Automation to reach new places within your infrastructure, allowing for more automation and less complexity. Learn how to deploy Hybrid Workers, balance automation workloads across groups of workers, trigger jobs off via web hooks, monitor jobs, remove scheduled tasks and much more.
Join me for the presentation where a blue-screen of death, is the desired result! MS15-034 was a particularly interesting vulnerability that turned out to have more bark than bite. Using PowerShell to test for MS15-034 presents us with a number of unique challenges, the solution is to look at a lower level, with TCP connections. This presentation will discuss MS15-034, what the vulnerability was, and how we can exploit it. Learn about working directly with TCP connections in PowerShell and the ins and outs you need to know.
PowerShell, the must have tool and the long overlooked security challenge. Learn how PowerShell’s deep integration with the Microsoft platform can be utilized as a powerful attack platform within the enterprise space. Watch as a malicious actor moves from a compromised end user PC to the domain controllers and learn how we can begin to defend these types of attacks.
Since its release in 2010, the Hak5 Rubber Ducky has been an overlooked component to an attackers arsenal. With almost every computer on the planet accepting input via keyboards and the USB standard known as HID or Human Interface Device, the Ducky abuses one of the ultimate trust relationships within a computer. The Ducky makes use of an extremely simple scripting language for the development of payloads which can then be executed at speeds beyond 1000 words per minute. This presentation will cover off the creation of your very first through to advanced payloads as well as looking at some of the tools you can use to develop your own.
PowerShell, the must have tool for administrators, and the long overlooked security challenge. See Kieran Jacobsen present how PowerShell, with its deep Microsoft platform integration can be utilised by an attack to become a powerful attack tool. Learn how an attacker can move from a compromised workstation to a domain controller using PowerShell and WinRM whilst learning how to defend against these attacks.
Learn about the advances in Windows 8.1 and Windows Server 2012R2 that allow your users to work from anywhere in the world. Kieran Jacobsen will cover topics client seamless corporate connectivity with DirectAccess, managing BitLocker with MBAM, user document synchronization with Work Folders, addressing the needs of enterprise security and any performance requirements you might have.
CMDLets, scripts, functions, methods and modules all make PowerShell sound very complicated however with some simple guidelines you too can become a PowerShell automation Pro!
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
In every organization, there is a growing need for a strong well-designed public key infrastructure solution and in many of these; Active Directory Certificate Services will be used. This session will guide you through a solution based on best practice, shed some light on common issues encountered and some shortcuts to assist in management with PowerShell.
Are you considering deploying DirectAccess? DirectAccess is Microsoft’s next generation remote access solution providing a seamless corporate network connectivity experience. The session will cover a number of issues that IT professionals deploying DirectAccess should be aware of including load balancing, certificates, and IP Infrastructure requirements.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
3. Hello!
I am Kieran Jacobsen
Head of Information Technology @ Readify
Microsoft MVP, Cloud and Datacenter Management
You can find me at:
◇ @kjacobsen
◇ Poshsecurity.com
10. Restricting Access
◇ Does it need Internet access?
◇ Can we lock down by source IP address?
◇ Can we lock down to specific destination port
numbers?
11. Using SSO and MFA
◇ Enable and enforce HTTPS
◇ Enable SSO – Each user has an account
◇ MFA should be enabled for Internet exposed systems
12. Least Privilege
◇ Ensure CI/CD agents and processes run with least
privilege as possible
◇ Restrict who has admin access to CI/CD
◇ Audit privileges regularly
13. Patching
◇ Ensure servers are in regular patching process
◇ Plan for CI/CD patching and dependency tool
patching
19. Bad GUIs
◇ No standardization across vendors
◇ Confusing terminology
20. Attacks Happen
◇ “Microsoft Resnet - DNS Configuration Web
Vulnerability”, Vulnerability Lab, 2017-08-16
◇ “DNS Squatting with Azure App Services”, Posh
Security, 2017-08-27
21. DNS Control
◇ Open Source Software
◇ Developed and maintained by Stack Overflow
◇ Supports multiple registrars and DNS providers
◇ Can preview changes before pushing them
◇ https://stackexchange.github.io/dnscontrol/
32. Received: from DM6PR17MB2266.namprd17.prod.outlook.com (2603:10b6:4:ae::32) by
DM6PR17MB2266.namprd17.prod.outlook.com with HTTPS via
DM5PR07CA0103.NAMPRD07.PROD.OUTLOOK.COM; Tue, 4 Sep 2018 05:43:05 +0000
Received: from BN6PR1701CA0008.namprd17.prod.outlook.com
(2603:10b6:405:15::18) by DM6PR17MB2266.namprd17.prod.outlook.com
(2603:10b6:5:b9::24) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1080.16; Tue, 4 Sep
2018 05:43:04 +0000
Received: from SN1NAM02FT009.eop-nam02.prod.protection.outlook.com
(2a01:111:f400:7e44::208) by BN6PR1701CA0008.outlook.office365.com
(2603:10b6:405:15::18) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1101.13 via Frontend
Transport; Tue, 4 Sep 2018 05:43:04 +0000
Authentication-Results: spf=pass (sender IP is 167.89.85.8)
smtp.mailfrom=mail.haveibeenpwned.com; mydomain.com; dkim=pass (signature
was verified) header.d=haveibeenpwned.com;mydomain.com; dmarc=pass
action=none header.from=haveibeenpwned.com;
Received-SPF: Pass (protection.outlook.com: domain of mail.haveibeenpwned.com
designates 167.89.85.8 as permitted sender) receiver=protection.outlook.com;
client-ip=167.89.85.8; helo=o1.mail.haveibeenpwned.com;
Received: from o1.mail.haveibeenpwned.com (167.89.85.8) by
SN1NAM02FT009.mail.protection.outlook.com (10.152.73.32) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.1101.10 via Frontend Transport; Tue, 4 Sep 2018 05:43:03 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
d=haveibeenpwned.com;
h=list-unsubscribe:mime-version:from:to:subject:content-type;
s=s1; bh=mFx0zhuzDsGoIla8aGV2t+ISE1M=; b=MT6P3xrFdv+WhFes4+EM7fO
x//qsAcniNiv4B4hKTVsJ6Pnp+g4Kkb3o/BRQ1TjP9sMvwP/OePTdexGxujPdZzB
LOt6wAEJBMn0h8tPtAgVEzGtdQM2lHCeS1DQrnG35rzQMN3LhRra17sOKvbLLoUC
7F+6Op43i+2BoS4SYvMw=
Received: by filter0977p1las1.sendgrid.net with SMTP id filter0977p1las1-2529-5B8E1B66-6
2018-09-04 05:43:02.610378772 +0000 UTC m=+366954.998771853
Received: from RD00155D44C230 (unknown [137.117.9.67])
by ismtpd0003p1maa1.sendgrid.net (SG) with ESMTP id txkzLJa4SO6B0qzdI0m5JQ
for <kieran@mydomain.com>; Tue, 04 Sep 2018 05:43:02.037 +0000 (UTC)
List-Unsubscribe: <https://urlremoved>
MIME-Version: 1.0
From: "Have I Been Pwned" <noreply@haveibeenpwned.com>
To: kieran@mydomain.com
Date: Tue, 4 Sep 2018 05:43:02 +0000
Subject: Your Have I Been Pwned multi-domain search
Content-Type: multipart/alternative;
boundary=--boundary_2710_ddf525f8-32df-4a8d-a6f4-ab5741489b1e
Message-ID: <txkzLJa4SO6B0qzdI0m5JQ@ismtpd0003p1maa1.sendgrid.net>
X-SG-EID:
+hTzZUFBwwi5yR2OMYXnaQJFW8TOSIir+ZvRtvyXczg2YNwtGFNGQYcU8wudo+ZrCqjUGTE1K7nSBP
5oomozYC/01sK+uie2ApKprETt/vO2Lv+TNL7s1gJmvfwaj0BFNwjD/9u6tP91Vz860+gV2/p/NEen
0ZxTiNi3a8SzmZDMOG0bY4Z59/7RDY7gbSLD+VS8N1NczjWiQH9jdwSx3M7pXbC0RF6ipIy1zZ8x2l
avbHIGsYYRAxxwQGVVHd21
Return-Path: bounces+3489673-b289-kieran=mydomain.com@mail.haveibeenpwned.com
X-MS-Exchange-Organization-ExpirationStartTime: 04 Sep 2018 05:43:03.4300 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit
X-MS-Exchange-Organization-Network-Message-Id: 4c8ae022-303a-41ec-2ca2-08d61229483b
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 17455d0b-6bc6-4378-b0ac-3b058ee8070f:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report:
CIP:167.89.85.8;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(8156002)(2980300002)(1060300004)(43800
2)(596005)(189003)(199004)(84326002)(2361001)(110436001)(146002)(1096003)(106466001)(2351001)(1
6003)(10126004)(606006)(7596002)(4290100001)(7636002)(14444005)(54206008)(8676002)(6916009)(35
6003)(246002)(336012)(79686004)(486006)(956004)(26005)(126002)(236005)(980100002)(6306002)(4760
03)(733005)(22756006)(104016004)(22746007)(9686003)(16586007)(106002)(63394003)(567944001)(966
005);DIR:INB;SFP:;SCL:1;SRVR:DM6PR17MB2266;H:o1.mail.haveibeenpwned.com;FPR:;SPF:Pass;LAN
G:en;PTR:o1.mail.haveibeenpwned.com;MX:1;A:0;
X-Microsoft-Exchange-Diagnostics:
1;SN1NAM02FT009;1:wi11LpUFTWFp0gb5YlNIGEaNEGU2rna36xyH4a5AJiz9gjzxQqGtHlppXPTEvGiVCO
JR3Sj+4HjNSfjNUjLLtmvzGSOoRFNm855+VJ6+3JLbQksYX3oKTSPGc+8EMyLK
X-MS-Exchange-Organization-AuthSource:
SN1NAM02FT009.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 4c8ae022-303a-41ec-2ca2-08d61229483b
X-Microsoft-Antispam:
BCL:1;PCL:0;RULEID:(7020095)(4652040)(5600074)(711020)(4605076)(4608076)(4614076)(1401180)(800
1031)(1402068)(71702078);SRVR:DM6PR17MB2266;
X-Microsoft-Exchange-Diagnostics:
1;DM6PR17MB2266;3:ej9TbMdL0OIw4mKtiDVFPLiUpkwROW5rswXXfsDaUJwFnd1h/QAPCLxyFrjzTYlJL/
TWhrsMIYmWK82QKP/tbN+QrnK4LApcJ9GwDffU9h8/PHuxj21XRraxdUYm7VKsQIawnBVWoaaYvf2qWXe
+rHnR2a6Qk4MyO7JtnggRL+33Mcf1USvtY8rCwResamsGQvZjr+vK18b8DAnCN8xq2TQPBd36xG2XOAIM
xP6M0oHZ31nhNJf4nQvrBBJcO7fDb8a50UdBjUyUN5xN0YiDRNBFeMTkGRlZlXlbCVybepxEp3lF/6nWwQ8
ZxHj9iOOYLVNToU7/qBZghVX8YbPhFw==;25:EcoRo5mofseoCxCAbj6wjDMds1YwpRfvVuujsciCdQxBCEP
YXY0H0NLSGw78SdiLtHHWMTZ4udmGL6LxQyaqWmlpNqCp9aorSUMEfzq8tIOmkNq69P3FnEsNFH2sDZ
2mYwtTDAhKcoOkI+AECosW0x7+RU/TYRlwyeyN5qyllJDDt2Q44qodQafv6l8XKua3l9Fa/bxsK3eKsJGiYMe
ktKG1W+04N3gZHOPSUFZmIJTVJjSmb+Lgp6xHL+DTJjFwb571ZgHmfuZflnRzat3NWrNFCJgAJcivxhvGS
+z8F/gXoCOuppUKuGRGY/a7NtEWqgjnfcchidJk6c5TXpPeqw==;31:aDiAsMKcn0ByGkWTPDzn6rgbT4eRq
GmJAZInmz4VG5G9y3ulpKh0Msp3ZXd8+qgBqHZQXEtJR5kaC8wAPDuT8XveMEgbyiDQSUtzXEretXUAQ
bSXOL/7dDfJbEbI3ll80tNGhWFZ5hj+t5+k873eJ6PqAUeamXlQf61Il4HMBdhKLP9k6rik/88lDPwVW6R3Xad/
NdWHYPYdJ0xIqCT40q+ifvKHDYxZYrRxOfz4ANA=
X-MS-TrafficTypeDiagnostic: DM6PR17MB2266:
X-MS-Exchange-AtpMessageProperties: sap=1;slp=1;
X-Microsoft-Exchange-Diagnostics:
1;DM6PR17MB2266;20:LGeJPMtgY60vAq9/uY3vwo/5ter8iXlSLBWvZQngLpcAdxLrz/CW8WP9Snx/TlHpqz
XlEiTbpG4Ir7MbE8iBS1Qw4E6BTl2c0/EiMw07dQDqcgolDIXVvx+yyyqUV4HyhXnFocGBGLlgt+kHu2WvuE+
kzJZ7N4V7+dqCWmo9SJHxkbqxm3eQF1larU1bKSPQwRrF56KLa0DUlnQGcLssoeCMgD5bjnlNEpaZyvGq
c6BQVaSle198H+MDJeD7J0VJ;4:ReU99nAyCONI4wQ9uixj6fZz4OMfS7iOjg7vpcgfIaNBQrkSVCafktPFBw4
3l3X41ysDtZ+O3nV7++jurtW0MTegiHfTXmazzw92FsKz5yKWVQ0hh+kjxvy1+6AfVic8L5SpbZNPaZ0k2sSW
4V/LNFO9+zwtWnja9DVNXpu1Z1x1zVd2KhflqGonDnmDltLLapdtE1hdnLdc50vloOkfKV9IW0n7FQZB8L9txd
e4n4JPiHO5PC5PjmAa5OCG9dEA6z4KOYLtYOUzZY93jLVvT1WbJjVXrXiwOZC8gJxWxJuWHwQ6iR53IyL
KpaA8iqjUKW8o15TRbVy7OZ2B5/DDfMr1BC5fDtvWKY1xZu8thWfS99yrqPFh691DsPstzwMZOr74e7qcu7s
RSOSOo8smr6bvoRfQClG9pSmahkycjJsyWk63dhJ4u1AaOx0D6uFg7m2mKktF7io0muku/KDnytfNeC/waB
elMP4qj1Fz4T4K6PQZSBXxlt5li2tiTHth3uAb6+ebQpy7fmQXRSgyXGr0F/1fGRhnHeLDBDCE0Lq1hcQgEd9
1+xigWroFlrW2aiNXQFa/ZeRZrXbyh8C5sYzmdv2OO85aWkuEPxLffy9qdoPko0nzF3jOO/Lyo/XE
X-Exchange-Antispam-Report-Test:
UriScan:(148322886591682)(31418570063057)(116415991822766)(128460861657000)(211936372134217
)(80641642340047)(86561027422486)(81227570615382)(81160342030619)(64217206974132);
X-Exchange-Antispam-Report-CFA-Test:
=?us-ascii?Q?BCL:1;PCL:0;RULEID:(8211001083)(2018021200217)(2018011200283?=
=?us-ascii?Q?)(2401047)(701105)(8121501046)(2018021201217)(2018011210174)?=
=?us-ascii?Q?(2018011211064)(2018011212028)(2018011213028)(2018011214028)?=
=?us-ascii?Q?(2018011215028)(2018011216028)(2018011217028)(2018011218028)?=
=?us-ascii?Q?(2018011219092)(2018011220252)(2018011221063)(2018011222027)?=
=?us-ascii?Q?(2018011223027)(2018011224027)(2018011225035)(2018011229035)?=
=?us-ascii?Q?(2018011232269)(2018011233052)(2018021202149)(98810176)(2018?=
=?us-ascii?Q?021203149)(98815176)(2018021210244)(2018011240279)(1430482)(?=
=?us-ascii?Q?1431068)(1432130)(1551054)(823301075)(823300264)(823311075)(?=
=?us-ascii?Q?9101536074)(93006095)(93005095)(88839001)(10201501046)(30020?=
=?us-ascii?Q?01)(3231311)(901025)(902075)(913088)(7045084)(944501410)(930?=
=?us-ascii?Q?0000166)(9301004277)(52103095)(52102095)(73117211)(111716171?=
=?us-ascii?Q?)(52105095)(52106170)(88801588)(2018021211244)(2018011241182?=
=?us-ascii?Q?)(2018020100189)(2018021213027)(52408095)(98821027)(98822027?=
=?us-ascii?Q?)(52401380)(52505095)(52406095)(52305095)(52206095)(88860193?=
=?us-ascii?Q?)(52409095)(88380075)(88381075)(1610001)(8301001075)(8301003?=
=?us-ascii?Q?183)(201708071742011)(7699016);SRVR:DM6PR17MB2266;BCL:1;PCL:?=
=?us-ascii?Q?0;RULEID:;SRVR:DM6PR17MB2266;?=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics:
=?us-ascii?Q?1;DM6PR17MB2266;23:MjijHHSymIpa4daDMcu27pBFpHW3Wgkpy6a/BdxZ5?=
=?us-ascii?Q?iVP+5gu9obK7CFhZItAqUIkGqvw14v1FNoBZ/fmfOpE79poZiBwGAyNi8yRZ?=
=?us-ascii?Q?tsgAkAYMIpFjfTgojMicSzMbSJydeEeY3H08wwoLgH19c9HVte8sXgJ1WfA4?=
=?us-ascii?Q?yXCZk3COdvARMN24Co5J7yPkAWpDn4HxFftiuP5Hl3y1LIu1JBYwbfktpv6U?=
=?us-ascii?Q?795QWsEGNxqIZSYxpkOxO/g1RMJhrzehVKVFfjyxvEbOL7775yXBKZ5csyGX?=
=?us-ascii?Q?y8UVRYOHca8O6zMqTUd1cyZXIphUSDUDLKsB326zlWyEZK82OelVIwDrPq03?=
=?us-ascii?Q?tJn70hOavlsd+RAE7QnD/EuFHGmNKVfZo6MftpjApR7HsP5sanLRv9pHu4p4?=
=?us-ascii?Q?MiMh4rsW2hNnc7DuodokiPFYxeX5MtftlJi9dCQf4woTFYfcfg0HUWcMk8VB?=
=?us-ascii?Q?rFEP7aGJyQjFLgxgL4VTvmansBok5R0u6UFG6YU88OPyxIOaC1Et0LgjKb79?=
=?us-ascii?Q?pD5W5aDi+jnElY48OExP3QXVmMVm8DD9wA2yQ8LN4z4Z8DQ0NMJamxRyIM4l?=
=?us-ascii?Q?dNNv4JZjXt9cSKsHOd7IPq727ASvEW9cbPZBq7WUM2rz/YceWNzCs4qoN0ZL?=
=?us-ascii?Q?PN4S92TwvzAakZPLHCPDbp5YnGk9Ph1wP6ZzNE/a7GT+j9uXrr7MEtMtk+7d?=
=?us-ascii?Q?H3NOTSKg5Schy+iofxpTJ/Lntuy94IWPoGiWej36zzIXuzYw3d4riRZ5pjOZ?=
=?us-ascii?Q?hXG5HQ03Tea9zVbwDj1rFz9+vU/qqQ0c0snBITS0RLzDrgks8W1ymFI2DgIN?=
=?us-ascii?Q?Ro60tMFtQoW0gcsF7rnvHowrSpY5gmLcx+02vvFi1M7ml5wHuxcFmot4wVUF?=
=?us-ascii?Q?HjB4mPkZmafQyloAs2Z8ZxIGeevluby5t+ZnZbesx/rbI9+/Bp7Zy1P0veDc?=
=?us-ascii?Q?8o=3D?=
X-Microsoft-Exchange-Diagnostics:
1;DM6PR17MB2266;6:uz9p8W0bG2kbLAYtAtf7xqoKMw1yOARNVewWdUoyAdqSmbyDIR0HMBR2W3/k2g
i6X3IDcEGMD7Fpvo08EMJ+SfmOddzWlEiwFP76Bqmi5AsqgnJznKO+GF69X9rhZJxraGpmbKDUTEuaTmt
pw093K/S35GHbb5tNwFNjIg2f8qdMx4s/e9oIlA//uyNxRDpD6JNMUwrS/p3IYXkjvcORBKhiuYWphsRQBiiesg
yp7kZdzKMKQ5CWzFyqV2ZwuiDM1/F3obSWn6egqNBE4HOkDmrfoW1euN4zlpOiadFosO1T4gH4ATSM9
VeGjGW/fGU/detf66gEVwQKDfzPeVhb9OVsGKPvKuBhjzA+X05yHhTc1sFH5+cXTKkgCS0rwKzvMahD3yt
ZyIpiwV5VL7RDKF08keH7vHTUFXVWgAhxoWHOIHFyTT7l6AcpXlgH4gwiXqBOg+xnyqUw0XoZr+GF5A==
;5:uAJiceBBbrE/6tAICnHu85ZpJXj9yFvM0sqc2IzTnHyTswjWHO/db+mpypw4ivwX6dYA+qMtG3kHvBqsgXlj
m0drHfmk8TMfAjkgRDWoeDDmY5bCPfvgAIto+knYoMKjV7fCcw8/niID0BsNmiYJfg7n0aoxpx+2wqjLAvjBZv
4=;7:LI0Y7zughzYIPqr/gGmm1xKNj3LZTFmybLhNkdbTlLeHsR4l54uONyOGZvwUoMGgks2PjIbp8SokAtLH
aKbS/eyICoo4iuyEopDB3j1eHvCwxYUo8VtVkRR+d3mxE95aBNO1XtjGmsB1bnF2KVGTgrGi897Ss2MNaR
GOsUckTXDLFqQxbOJ5hyWLpkuU/eIM2b4gQUNPihv38eTvKldBq1n+39phSRzZA1RFg4d/khjVIMxebyNPN
ItFu/P0fe0J
X-MS-Exchange-Safelinks-Url-KeyVer: 1
X-MS-Exchange-Safelinks-Url-KeyVer: 1
X-MS-Exchange-ATPSafeLinks-Stat: 0
X-MS-Exchange-Safelinks-Url-KeyVer: 1
SpamDiagnosticOutput: 1:5
SpamDiagnosticMetadata: Default:1
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2018 05:43:03.1488
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 4c8ae022-303a-41ec-2ca2-08d61229483b
X-MS-Exchange-CrossTenant-Id: 17455d0b-6bc6-4378-b0ac-3b058ee8070f
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR17MB2266
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.6667033
X-MS-Exchange-Processed-By-BccFoldering: 15.20.1080.019
X-Microsoft-Exchange-Diagnostics:
1;DM6PR17MB2266;9:dPIAHVEnRkG2VjM7ZpQkOq2wgKeR3tACewk0Bvz58pmNg6QRgjyivTMx188PP
XuS4m56I3YF1yEh7nKgp7fLnxk8lbou5TCmf8Eh7pcDL3PkfYZPD5GXFb5gmudpViM7
X-Microsoft-Antispam-Mailbox-Delivery:
dwl:1;ucf:1;jmr:0;ex:0;auth:0;dest:C;OFR:CustomRules;ENG:(20160514016)(750119)(520011016)(52000
8050)(702028);
X-Microsoft-Antispam-Message-Info:
zpAbROfcZWD78p80tevS/LMz9QHOS4d2LlTO+682yaNvILO8H16wYMWkoBjUGTcQDlj7zFspHhpdOEk
YDFZTFnamfzVu2o2Kp/OCpfZ9v4Cyp7K2nWWmlblRxh5fsI9+/lWgm08J6rCDyzTM9NN7uJzOiXs43qV6Q0
y7KcST0ckU7Sp0Hgyo/nkl+UAkyef12IR+7dkxH/ind0ZxOADQuqDLQbU+PvtEjRAvKGXS7loSU0yGhRjGyn
ZHOb8j+FMCQANWCAFM1dTxKlYl9HP0YaWaGk6HB8BlcL3MoKGRcALS5THCqRGD/zac7ZAxDI/J/e2Ow
tlEjf1uFh/nBQkCgfDCr2X8RqtAikIbEFsJPVGPJBi+k8aAUPUPZGkSlt0B2AMrhtwdV32bYQCXk4UaksJzLDv
4wDgLi8lGUV/y5pEtOVz99wNBWQ5OpCHE3pgFjkxb5zIYhFM5ZJXet8nv/ulFC9onQ+mdCiFLs4SH4rOkRA
pPFHpFAuVu/vKst6TSMnH5pTVglVMp3b8C7Gc4WgKXC8Tdzast0DIJ6/zUMY4P1kHveamSlhBwGy0PGtxa
2wuRczLGYdag78CtYgmeYvYjXUiu6tohofpGNAmxT7uMldb2seQUe+b4uDujggRTHkpWi3S5RyHO6/sp3M
YfA8l0UETuUjL1kzCV7Q8/4UacZH/bjdPcLskr2AxqFXCY8ZY3KM5S+BYcQTX/MKkpu3KAV0zmCpHgSKdi
OIpHhj+GS8Gtg4N1RjyMZzw3EYz4F6cZoZNnwBPvj2TI3uIrjVGuVwxn8OoHacRFEYQ1tfx8rat1xAo6aFe6C
HvKnEUglW5tvrRvT+tmabuYvgrIMWSUsl9FncxEbclYyg76YTUupKFP+gAL6S2/wZYd0A/eVqvioKIFBkmRm
CSAlHPsgPorcsUyi/hiTMD26/lDkjY0kP+ISTuT6w2Pyl1tfRDYpf5nTF20FdG/cEN2Z0FFeQ==
X-Microsoft-Exchange-Diagnostics:
1;DM6PR17MB2266;27:Iscb/jTS4lE7U+vmRoRlVrfharBAzO5uTWBmzTJGhqmtVSWSp1LnahQKSFCSQ
EciBzrWWFLdjfEI17TmwcW4jrMfbV/O/RQevvFLSzGxqsQTPDrC7DeBAPsmhpEnK1sChyTZ3wdUUOohba
VLstcRBHdS3smjjm76fJHln9UqqlmC5ll2Rty3qs5qwwX/32xfDpMXpZnqB2pevPGLfL8z5fMI82S7LSfrIk+jJtg1
lX/gWM4Jk1OvLAKrotZdeXBPo9ocnIAFDEfDIAR+9vpP4S1vQ3j18m1Y/QfQMe9M5YatrSJq27O/6lR9+4jtnl
LFgL1kEAjOfZ5cYOs8sl76sAwpUzrDXtGMw2zyfVsw8lGyiXjoa7WJdzUgFE1FJeBqjjMZ7WwR47KzTry7y6w
afIOace9kBZ+jivG8U0Bv4QhX0pbVp2QkDwIRp1K3vhhyWUjfeXXWr1iZU+A7dvJb6A==
33. From: "Have I Been Pwned“
<noreply@haveibeenpwned.com>
Return-Path: bounces+3489673-
b289-
myuser=mydomain.com@mail.haveibe
enpwned.com
34. Identifying Sources
◇ Your mail servers
◇ Applications
◇ Marketing campaign servers
◇ Bulk email services
◇ SaaS products
35. “
We can’t use SPF, DKIM or DMARC
because we don’t know who is
legitimately sending email as our
organisation‽
36. SPF
◇ Validates mail is coming from authorised IP
addresses
◇ Information stored in DNS
◇ Validates envelope-from address
◇ Can include other SPF records – Office 365 etc
◇ DNS query limitations
37. DKIM
◇ Uses digital signatures to validate mail
◇ Validates Message-From header address
◇ Public key(s) stored in DNS
38. DMARC
◇ SPF and/or DKIM
◇ Alignment checks
◇ Allows domains to specify action if checks fail
◇ Reporting
◇ Policy stored in DNS
42. Browsealoud
“UK ICO, USCourts.gov... Thousands of websites
hijacked by hidden crypto-mining code after popular
plugin pwned”, The Register, 2018-02-11
44. “
The maintainer whose account was
compromised had reused their npm
password on several other sites and
did not have two-factor authentication
enabled on their npm account.