The document discusses the Equation Group, a highly sophisticated cyber threat actor that creates advanced malware. It focuses on Grayfish, malware that resides completely in a hard drive's registry and uses a bootkit to gain execution at startup. Grayfish flashes the hard drive's firmware to install an infected virtual boot record and hidden virtual file system to store data and malicious modules. It is nearly impossible to detect and removes all traces of itself to maintain long-term persistence on infected systems.
Equation Group : Advanced Secretive Computer Espionage Groupanupriti
The Equation Group is a highly advanced secretive computer espionage group, suspected by security expert Claudio Guarnieri and unnamed former intelligence operatives of being tied to the United States National Security Agency (NSA). Because of the group's predilection for strong encryption methods in their operations, the name Equation Group was chosen by Kaspersky Lab, which discovered this operation and also documented 500 malware infections by the group's tools in at least 42 countries.This presentation gives an over view in brief based on the Kaspersky Report.
OWASP Top 10 - Day 1 - A1 injection attacksMohamed Talaat
This is my power point slides for the OWASP Cairo Chapter event held in (Information Technology Institute) on 16/3/2019.
It's focused on SQL Injection attack, command and code injection and their mitigation, also at the last minutes in the presentation I made a demo on the blind sql injection attack using one of pentesterlab vulnerable machines.
DerbyCon 2016
Nick Landers @monoxgas
External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.
Make an IPSEC VPN which will be a redundant one with two VyOS firewalls per site.
I made this document so that people who check for vpns/ipsec has a place to implement a free router/firewall appliance virtually on any hardware and have the necessity going on.
VyOS is a fork from Vyatta which happily runs on a Intel Atom based hardware with at least 256 MB RAM and a HDD with 500 GB storage.
It supports dot1q VLANs, IPSec Site-to-Site/Remote Access VPNs over GRE for B2B connectivity. It supports RIP/OSPF/BGP dynamic protocols. It has support for both interface based and zone based firewalls.
Equation Group : Advanced Secretive Computer Espionage Groupanupriti
The Equation Group is a highly advanced secretive computer espionage group, suspected by security expert Claudio Guarnieri and unnamed former intelligence operatives of being tied to the United States National Security Agency (NSA). Because of the group's predilection for strong encryption methods in their operations, the name Equation Group was chosen by Kaspersky Lab, which discovered this operation and also documented 500 malware infections by the group's tools in at least 42 countries.This presentation gives an over view in brief based on the Kaspersky Report.
OWASP Top 10 - Day 1 - A1 injection attacksMohamed Talaat
This is my power point slides for the OWASP Cairo Chapter event held in (Information Technology Institute) on 16/3/2019.
It's focused on SQL Injection attack, command and code injection and their mitigation, also at the last minutes in the presentation I made a demo on the blind sql injection attack using one of pentesterlab vulnerable machines.
DerbyCon 2016
Nick Landers @monoxgas
External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.
Make an IPSEC VPN which will be a redundant one with two VyOS firewalls per site.
I made this document so that people who check for vpns/ipsec has a place to implement a free router/firewall appliance virtually on any hardware and have the necessity going on.
VyOS is a fork from Vyatta which happily runs on a Intel Atom based hardware with at least 256 MB RAM and a HDD with 500 GB storage.
It supports dot1q VLANs, IPSec Site-to-Site/Remote Access VPNs over GRE for B2B connectivity. It supports RIP/OSPF/BGP dynamic protocols. It has support for both interface based and zone based firewalls.
Turla is a very old and prolific threat group that has been attributed to the Federal Security Services (FSB) of Russia publicly by a foreign intelligence agency. Operating since the late 90s, they have compromised major government entities with a heavy focus on embassies and former Soviet states. In this talk, I will detail the immense capabilities of Turla, which include use of Satellite networks for infrastructure and the ability to stay undiscovered on victim networks for several years. And with Russia actively engaged in open warfare in Ukraine, it's important for all organizations to stay informed and prepared against this specific threat group.
With the big delays in the time it takes until an iOS jailbreak is public and stable, it is often not possible to test mobile apps in the latest iOS version. Occasionally customers might also provide builds that only work in iOS versions for which no jailbreak is available. On Android the situation is better, but there can also be problems to root certain phone models. These trends make security testing of mobile apps difficult. This talk will cover approaches to defeat common security mechanisms that must be bypassed in the absence of root/jailbreak.
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesAbraham Aranguren
XXE Exposed Webinar Slides:
Brief coverage of SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired on the "Practical Web Defense" (PWD) style of pwnage + fixing (https://www.elearnsecurity.com/PWD)
Full recording here:
NOTE: (~20 minute) XXE + XEE Demo Recording starts at minute 25
https://www.elearnsecurity.com/collateral/webinar/xxe-exposed/
API Vulnerabilties and What to Do About ThemEoin Woods
In this talk we will review the current security landscape, particularly as it relates to API-based applications, and explore the OWASP API Security Top 10 vulnerabilities in order to understand the top security threats to our APIs, which ones we might have missed in our systems, and what practical mitigations we can use to address them when we get back to work.
GRAYFISH is the most modern and sophisticated malware implant from
the Equation group. It is designed to provide an effective (almost “invisible”)
persistence mechanism, hidden storage and malicious command execution
inside the Windows operating system.
Turla is a very old and prolific threat group that has been attributed to the Federal Security Services (FSB) of Russia publicly by a foreign intelligence agency. Operating since the late 90s, they have compromised major government entities with a heavy focus on embassies and former Soviet states. In this talk, I will detail the immense capabilities of Turla, which include use of Satellite networks for infrastructure and the ability to stay undiscovered on victim networks for several years. And with Russia actively engaged in open warfare in Ukraine, it's important for all organizations to stay informed and prepared against this specific threat group.
With the big delays in the time it takes until an iOS jailbreak is public and stable, it is often not possible to test mobile apps in the latest iOS version. Occasionally customers might also provide builds that only work in iOS versions for which no jailbreak is available. On Android the situation is better, but there can also be problems to root certain phone models. These trends make security testing of mobile apps difficult. This talk will cover approaches to defeat common security mechanisms that must be bypassed in the absence of root/jailbreak.
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesAbraham Aranguren
XXE Exposed Webinar Slides:
Brief coverage of SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired on the "Practical Web Defense" (PWD) style of pwnage + fixing (https://www.elearnsecurity.com/PWD)
Full recording here:
NOTE: (~20 minute) XXE + XEE Demo Recording starts at minute 25
https://www.elearnsecurity.com/collateral/webinar/xxe-exposed/
API Vulnerabilties and What to Do About ThemEoin Woods
In this talk we will review the current security landscape, particularly as it relates to API-based applications, and explore the OWASP API Security Top 10 vulnerabilities in order to understand the top security threats to our APIs, which ones we might have missed in our systems, and what practical mitigations we can use to address them when we get back to work.
GRAYFISH is the most modern and sophisticated malware implant from
the Equation group. It is designed to provide an effective (almost “invisible”)
persistence mechanism, hidden storage and malicious command execution
inside the Windows operating system.
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdflior mazor
Stay safe, grab a drink and join us virtually for our upcoming "Vulnerability Alert Fatigue and Malicious Code Attacks" meetup to hear about How to Cover Known & Unknown Risks in your OSS,
Supply Chain Security Maturity model, known vulnerabilities in IAM and ways to incorporate security in the package update process.
kali operating system LINUX UNIX MAC Window presentation ubanto MAC KAli features compare of kali and unix in hindi easy present ppt slideshare tolls hacking penetration ethical hacking KALI top ten feature best hacking tool
Andrea Lelli, Microsoft
My presentation will trace the end-to-end WannaCrypt (also known as WannaCry) attack. I will start with an analysis of the underlying SMBv1 remote code execution kernel-mode exploit dubbed "Eternalblue", a powerful cyberweapon leaked by a hacker group known as "The Shadow Brokers".
I will then describe how the Wannacrypt ransomware works, and show how the cybercriminals leveraged the EternalBlue exploit to spread the ransomware and achieve a massive and unprecedented infection rate, leaving hundreds of thousands of machines affected. I will highlight the Windows 10 kernel mitigations that granted the OS immunity from the attack.
I will also focus on some interesting characteristics that make WannaCrypt particularly sophisticated, like the file-wiping and space-consuming capabilities designed to make the recovery of the original files nearly impossible.
I will conclude with a look into how much the perpetrators might have likely earned from the attack. An analysis of the Bitcoin transactions shows that the cybercriminals pooled around $137 dollars to date, which is a huge amount of money, but doesn’t seem to scale with the extent of infection. Not to mention, Bitcoin is a double-edged sword and there’s a good chance that the cybercriminals may not be able to cash out a dime. In this section I will also mention some copycat malware that tried to spread using the same SMB vulnerability (e.g. NotPetya).
I will end the presentation with advice on preventing, detecting, and responding to ransomware attacks.
Delivered a 10-15 minute presentation and Q&A session with co-presenters Rula Danno and Darren Rolfe in January 2015 for the Introduction to Computer Security (EECS 3482) course at York University, Canada, about the software vulnerability in the Bash command interpreter, dubbed Shellshock, that was discovered in September 2014.
http://www.eecs.yorku.ca/course_archive/2014-15/W/3482/
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...PaloAltoNetworks
Palo Alto Networks Live Community Senior Engineers Tom and Joe present best security practices at the Fuel Spark event in London. For more details, please visit: https://live.paloaltonetworks.com/t5/Community-Blog/Live-Community-team-at-Spark-User-Summit-London/ba-p/153182
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Apostolos Giannakidis
This talk provides an introduction and detailed overview of Java deserialization attacks. You will understand the basic concepts of how Java deserialization exploits (gadget chains) work, what solutions exist and the advantages and disadvantages of each. Finally, a new approach will be presented, using Runtime Virtualization, Compartmentalization and Privilege De-escalation.
This talk was presented by Apostolos Giannakidis at the OWASP London meetup on May 2017.
Presentation by Marco Slaviero at Tshwane University Of Technology.
This presentation is about protecting your
your computer against malware. The presentation
begins with a look at different types of malware.
Determining program intent in a general way is discussed. The presentation ends with discussions on practice strategies for both home and enterprise users to protect their computers from infection.
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...Orbid
Cybercriminelen werken steeds gerichter en focussen zich niet meer alleen op de multinationals van deze wereld. Ook uw onderneming kan het doelwit zijn van dataverlies en -diefstal. IT-security klimt dan ook steeds hoger op de prioriteitenlijst van CEO’s en CIO’s. En terecht. Om bedrijven te informeren over de belangrijkste veiligheidsrisico’s en beschermingsmaatregelen organiseerden Orbid, Proximus, Veeam en WatchGuard een gratis lunch & learn: “Cybercrime en de continuïteit van uw onderneming” op 2 juni in de opnamestudio's van RTV in Westerlo.
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
The progress of AI in the last decade has seemed almost magical. But we will discuss the unique challenges posed by Security and what makes this domain the biggest challenge for AI. Reporting from the frontlines, we will describe the deployment of large-scale production-grade AI systems to combat security breaches, using lessons learned at Avast from defending over 400 million consumers every single day. Topics will cover the recent AI advancements in file-based anti-malware solutions, behavior-based on-device solutions, and network-based IoT security solutions.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
2. “
The Equation Group is probably one of the
most sophisticated cyber attack groups in
the world; and they are the most
advanced threat actor we have seen.
- Kaspersky Lab
3. What is
THE EQUATION GROUP
◦ Highly sophisticated threat actor
◦ Only targets specific victims
◦ Multiple malware platforms
◦ High technical expertise and resources
◦ Create some of the most advanced threat
4. TOOLS AND MALWARE
Fanny
◦ Maps air-gapped
systems using USBs
and Stuxnet exploit
Triplefantasy
◦ Full-featured backdoor
◦ Targets validator
Equationdrug
◦ Modular plugin system
◦ Dynamically loaded by
the attackers
Grayfish
◦ Resides completely in
the HD registry
◦ Use a bootkit to gain
execution at OS startup
Data Access
◦ Knowledge of several
software and hardware
manufacturer designs
C & C Servers
◦ Issue commands to
malware, and collect
stolen data
◦ More than 400!
5. “
Equation Group are the ones with the
coolest toys, every now and then they
share them with the Stuxnet group and
the Flame group, but they are originally
available only to the Equation Group
people. They are definitely the masters,
giving the others bread crumbs.
- Costin Raiu (director of Kaspersky Lab's global
research and analysis team)
6. GRAYFISH
Flashes the firmware of HDs inserting
a ‘pill’
Hijack the boot sequence of the
operating system
Install a Virtual File System in the
registry of the hard drive
Malware execute codes and steals
information
7. GRAYFISH: THE ARCHITECTURE
BBSVC service
(polymorfic-loader)
Shellcode from
registry
Exploit for Elby
driver + loader (Kernel
mode)
Load platform kernel
mode for orchetrator
(fvexpy.sys)
Load user-mode part
from registry
(mpdkg32/64.dll)
Start payloads
(registry)
X1000 SHA-256
+ AES
Infected VBR
Encrypted container
file + Pill
9. WHY SO DANGEROUS?
“After infection, the computer is not run by itself anymore: it is GRAYFISH
that runs it step by step, making the necessary changes on the fly.”
-Kaspersky Lab
Invisible
Not possible to
be detected by
standard
antivirus
Persistent
Reinstalling
operating
system or
updating the
HD firmware
does nothing
Design
Equation group
got a hold of so
many major
designs
10. HOW TO DETECT GRAYFISH?
Very difficult:
• Malware is hidden in
service area of the HD
• Specific circumstances
can trigger GRAYFISH
self-destruction.
11. HOW CAN WE PREVENT IT?
Attempts to tamper the
firmware will fail verification
BUT: firmware was not
designed with security in mind
Manufactures must sign
firmware
16. DATA
Malicious PHP script injected into hacked discussion forums
MAIN TARGETS:
• Islamic Jihadist discussion forums
• advertisements on popular websites in the Middle East
NOT INFECT: 1. Jordan 2. Turkey 3. Egypt
17. GRAYFISH: HOW IT WORKS?
GrayFish Re-flashes
Hard Drive Firmware
Firmware contains
infected Virtual Boot
Record (VBR)
OS uses infected VBR
when it boots
Creates hidden Virtual
File System in HD
registry to store data
Installs malicious
modules on machine
Steals and stores data
Hidden Virtual File
System
User removes malicious
modules
