"Know Thy Enemy" - Module 1 of my Cybersecurity Primer Presentations. Who is Trying to Hack You? The Seven Types of Hackers on the Internet, their profiles and motivations.
Product Career Ladder: Getting Promoted to DirectorRich Mironov
Director-level and VP Product leaders do different work than individual contributor Product Managers. How do you signal that you’re interested in “the next job up” while respecting your current manager? How have attendees gotten promoted to Director?
At heart, Product Managers should be great storytellers. They should be able to craft compelling and bold narratives to justify a new initiative to executives. Or outline heroic quests to ignite engineering’s excitement to build that next great product. Or conjure enchanting tales of riches to enable sales and marketing to sell the product to customers. So…are your storytelling skills up to the task? Join this session for a couple of rounds of True Story, a game that teaches you how to be a better storyteller. The True Story game supplies players with memory prompts and introduces basic, intermediate and advanced storytelling techniques, slowly increasing the level of difficulty with every round of stories. It teaches anyone who plays it how to tell better stories — whether you’re a veteran teller or a total novice.
Communication is a fundamental skill for product managers. Whether it’s understanding the ""intention behind the words” used by customers, or providing crisp, clear directions to others, the ability to understand and be understood is critical.
In this session, we’re going to break into teams and play a couple of rounds of a game called ""Back-2-Back Drawing"". It’s an exercise that fosters both active communication and active listening skills, but in a fun and interactive way. You’ll hone your ability to articulate your thoughts, as well as your ability to ask precise clarifying questions.
This presentation is intended to show how to crowdsource product feedback if you are building a new product for which there are no customers, or analyst reports or statics available.
Product Camp 2015 #SVPCamp Keynote Presentation
- Orientation
- History of Product Camp
- History of Silicon Valley: The Garage
- Sponsors
- Hacking Your Brain: New Skills and Habits
- Product Camp 2015 Logistics
2017 04 product camp how to be strategicPhil Burton
This presentation was given at the 2017 Silicon Valley Product Camp.
An effective product strategy leads to more revenue and market share. If you are consumed by day-to-day issues and don't know how to get started with formulating a strategy for success, this session will show you some powerful tools and concepts for analysis and strategy formulation. The key to developing a strategy is addressing the right issues and not getting bogged down in too much detail.
A model for changing company culture, practice and outcomes using a product experience focus.
Product managers often spend so much time managing the day-to-day requirements of meeting customer needs, delivering to their roadmap and competing, they don't have time to do the strategic work needed to grow their products over the long-term. This model, by focusing on the product experience and distributing accountability across the company, allows product managers to reclaim the time needed to plan and deliver strategic action.
Product Career Ladder: Getting Promoted to DirectorRich Mironov
Director-level and VP Product leaders do different work than individual contributor Product Managers. How do you signal that you’re interested in “the next job up” while respecting your current manager? How have attendees gotten promoted to Director?
At heart, Product Managers should be great storytellers. They should be able to craft compelling and bold narratives to justify a new initiative to executives. Or outline heroic quests to ignite engineering’s excitement to build that next great product. Or conjure enchanting tales of riches to enable sales and marketing to sell the product to customers. So…are your storytelling skills up to the task? Join this session for a couple of rounds of True Story, a game that teaches you how to be a better storyteller. The True Story game supplies players with memory prompts and introduces basic, intermediate and advanced storytelling techniques, slowly increasing the level of difficulty with every round of stories. It teaches anyone who plays it how to tell better stories — whether you’re a veteran teller or a total novice.
Communication is a fundamental skill for product managers. Whether it’s understanding the ""intention behind the words” used by customers, or providing crisp, clear directions to others, the ability to understand and be understood is critical.
In this session, we’re going to break into teams and play a couple of rounds of a game called ""Back-2-Back Drawing"". It’s an exercise that fosters both active communication and active listening skills, but in a fun and interactive way. You’ll hone your ability to articulate your thoughts, as well as your ability to ask precise clarifying questions.
This presentation is intended to show how to crowdsource product feedback if you are building a new product for which there are no customers, or analyst reports or statics available.
Product Camp 2015 #SVPCamp Keynote Presentation
- Orientation
- History of Product Camp
- History of Silicon Valley: The Garage
- Sponsors
- Hacking Your Brain: New Skills and Habits
- Product Camp 2015 Logistics
2017 04 product camp how to be strategicPhil Burton
This presentation was given at the 2017 Silicon Valley Product Camp.
An effective product strategy leads to more revenue and market share. If you are consumed by day-to-day issues and don't know how to get started with formulating a strategy for success, this session will show you some powerful tools and concepts for analysis and strategy formulation. The key to developing a strategy is addressing the right issues and not getting bogged down in too much detail.
A model for changing company culture, practice and outcomes using a product experience focus.
Product managers often spend so much time managing the day-to-day requirements of meeting customer needs, delivering to their roadmap and competing, they don't have time to do the strategic work needed to grow their products over the long-term. This model, by focusing on the product experience and distributing accountability across the company, allows product managers to reclaim the time needed to plan and deliver strategic action.
Leading and Motivating Engineers - what product managers need to know - prod...Ron Lichty
Effective, experienced technical product management is crucial to make software development hum: Engineering and Product Management are symbiotic. Product managers lead and motivate by first establishing credibility with engineers, and by bringing vision, data, collaboration, prioritization, and protection. Ron Lichty has repeatedly been brought in to transform chaos to clarity in software development. Here’s what product managers can apply to lead and motivate engineers and make software development hum.
BIo:
Ron Lichty has, for 30-plus years, championed delighting customers. He believes that strong product/engineering collaboration is essential to achieving that goal. Ron co-authored the Addison-Wesley book Managing the Unmanageable: Rules, Tools, and Insights for Managing Software People and Teams (http://www.ManagingTheUnmanageable.net) and annually coauthors the Study of Product Team Performance (http://www.ronlichty.com/study.html).
Ron spent seven years as a programmer, two years as a product manager, and 25 years managing product and development organizations at all levels - to VP of engineering, VP of product and CTO - at companies ranging in size from tiny startups to Charles Schwab,Stanford, and Apple.
He now consults across that realm, taking on fractional interim VP Engineering and acting CTO roles, training teams in agile, training managers in managing software people and teams, and coaching development teams and executives in making software development hum. (http://www.ronlichty.com)
Ron has long been a popular speaker at product, development and agile meetups and conferences. Ron@RonLichty.com
We all know work is worship but now it is within the book only. We are now a days in bookworm. We read the books and analysis the data but we should go to grass rout to find out reality.
Cloud Protection Manager ensures that data and
resources in AWS are protected from any type of
incident. CPM offers superior backup, recovery, and
disaster recovery by leveraging and automating AWS
snapshots. CPM ensures that the data and resources
in AWS are always protected.
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to be come a Cyber Defender
Humorous discussion presenting some of the kids of risks that face public facing Web sites for corporations ranging from hacking to legal to social media scares. Slides are illustrative in nature and the aim of the talk is more awareness than anything else.
Cybercrime and the Developer: How to Start Defending Against the Darker Side...Steve Poole
JavaOne 2016 Talk
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cybercriminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Cybercrime and the Developer: How to Start Defending Against the Darker SideSteve Poole
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviours you must change) to create a more secure Java application for the cloud. The world of the cybercriminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Jax london2016 cybercrime-and-the-developerSteve Poole
In the emerging world of DevOps and the Cloud, most developers are trying to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resiliency and scaling to an application. Still, one critical item consistently overlooked is security.
The world of the Cyber Criminal is closer than you realize. Watch a real man-in-the-middle demonstration and learn just how simple it can be for others to steal your secrets. In this talk you’ll learn about other practical examples of how you can inadvertently leave the doors open and what you can do to keep your system secure. In the end, security is everyone’s concern and this talk will teach you a few of simple actions you can take (and some behaviours you must change) to create a more secure application in the Cloud.
BSides Boston and RI 2013
Video (BSides RI: http://www.irongeek.com/i.php?page=videos/bsidesri2013/2-0-booting-the-booters-stressing-the-stressors-allison-nixon-and-brandon-levene)
Leading and Motivating Engineers - what product managers need to know - prod...Ron Lichty
Effective, experienced technical product management is crucial to make software development hum: Engineering and Product Management are symbiotic. Product managers lead and motivate by first establishing credibility with engineers, and by bringing vision, data, collaboration, prioritization, and protection. Ron Lichty has repeatedly been brought in to transform chaos to clarity in software development. Here’s what product managers can apply to lead and motivate engineers and make software development hum.
BIo:
Ron Lichty has, for 30-plus years, championed delighting customers. He believes that strong product/engineering collaboration is essential to achieving that goal. Ron co-authored the Addison-Wesley book Managing the Unmanageable: Rules, Tools, and Insights for Managing Software People and Teams (http://www.ManagingTheUnmanageable.net) and annually coauthors the Study of Product Team Performance (http://www.ronlichty.com/study.html).
Ron spent seven years as a programmer, two years as a product manager, and 25 years managing product and development organizations at all levels - to VP of engineering, VP of product and CTO - at companies ranging in size from tiny startups to Charles Schwab,Stanford, and Apple.
He now consults across that realm, taking on fractional interim VP Engineering and acting CTO roles, training teams in agile, training managers in managing software people and teams, and coaching development teams and executives in making software development hum. (http://www.ronlichty.com)
Ron has long been a popular speaker at product, development and agile meetups and conferences. Ron@RonLichty.com
We all know work is worship but now it is within the book only. We are now a days in bookworm. We read the books and analysis the data but we should go to grass rout to find out reality.
Cloud Protection Manager ensures that data and
resources in AWS are protected from any type of
incident. CPM offers superior backup, recovery, and
disaster recovery by leveraging and automating AWS
snapshots. CPM ensures that the data and resources
in AWS are always protected.
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to be come a Cyber Defender
Humorous discussion presenting some of the kids of risks that face public facing Web sites for corporations ranging from hacking to legal to social media scares. Slides are illustrative in nature and the aim of the talk is more awareness than anything else.
Cybercrime and the Developer: How to Start Defending Against the Darker Side...Steve Poole
JavaOne 2016 Talk
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cybercriminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Cybercrime and the Developer: How to Start Defending Against the Darker SideSteve Poole
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviours you must change) to create a more secure Java application for the cloud. The world of the cybercriminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Jax london2016 cybercrime-and-the-developerSteve Poole
In the emerging world of DevOps and the Cloud, most developers are trying to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resiliency and scaling to an application. Still, one critical item consistently overlooked is security.
The world of the Cyber Criminal is closer than you realize. Watch a real man-in-the-middle demonstration and learn just how simple it can be for others to steal your secrets. In this talk you’ll learn about other practical examples of how you can inadvertently leave the doors open and what you can do to keep your system secure. In the end, security is everyone’s concern and this talk will teach you a few of simple actions you can take (and some behaviours you must change) to create a more secure application in the Cloud.
BSides Boston and RI 2013
Video (BSides RI: http://www.irongeek.com/i.php?page=videos/bsidesri2013/2-0-booting-the-booters-stressing-the-stressors-allison-nixon-and-brandon-levene)
n the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
11. WHO ARE THEY?
• Limited Technical Knowledge
• Use downloaded software kits.
• Some kits = advanced damage!
• Unaware or do not care about
consequences. MOTIVATIONS:
• Immaturity
• Ego-Boosting
• Thrill Seeking.
13. WHO ARE THEY? High-Tech, Low-Life
• Disregard for Authority, Societal Norms – Cultural
Rebels
• Hard-Boiled Hacker with Anarchist Tendencies
• More technically sophisticated than Script-Kiddies
• Counts on “Slap on the Wrist”
• Predominantly 12-18yo Males
• Techno-Revolutionary, Manifestos, Rave/Techo
MOTIVATIONS:
• Recognition from Peers, “Respect” (or fear) from “the
system”
• “Cling to a cult of individualism, in a culture
characterized by corporate control and mass
conformity.”
15. WHO ARE THEY?
• Defacing or DDoS’ing sites,
claiming “civil disobedience”.
• Individuals & loosely organized
groups/mobs distributed across the
internet.
• May be from
other categories,
“Hacktivism”
as justification.
MOTIVATIONS:
• Revenge, Power,
Greed, Marketing,
Media Attention
• Vigilante Justice
• Political Agenda
19. WHO ARE THEY?
• Adolescent College Student
Adult Ex-Writer
• Skill varies.
• Writer may not be one who releases
it into the wild.
MOTIVATIONS:
• Mental Challenge Attention
• Raw Thrill Bragging Rights
28. Wide Range of Insiders:
• Begrudged Employee
• Developers/Engineers
• Sales People
• Unwittingly Co-Opted people.
LESSON: Have clear well-known policies on
Intellectual Property (IP) protection!
29. GENERAL MOTIVES: Understand yourself as a target
• Revenge
• Is there anyone with an axe to grind?
• Would cost of a security breach be high?
• Brand Damage
• Political Damage
• Costly Fines or Penalties
• Loss of Information Assets/Control
• Notoriety
• Could somebody get famous or gain “street
credibility” for hacking your company, product,
or service?
• Curiosity
• Do you have interesting information, computing
environments or assets? (NASA, Computer-Game
Company…).
30. Financial Motives: Understand yourself as a
target
Black Market Price$:Adwords: $1000
(to drain competitors AdWords Budget)
Botnets – USA: $180 / 1,000 Computers
– Canada: $270
– UK: $240
– France: $200
– Russia: $200
– Worldwide: $35
Credit Cards – Premium Big Balance: $250
– Regular CC w/ SSN: $5
Doxing Someone: $25-$100
Health Insurance Info: $1200 - $1300
Twitter Followers: $15 / 10,000 Fake Follows
Email Accounts – Gmail: $200 / 1,000
– Hotmail $12 / 1,000
– Yahoo: $10 / 1,000
Facebook – Likes: $15 / 1,000
– Spam: $13 page w/ 30k fans
Hacked Webcams – Male: $0.01 Female: $1
Online Bank Account – USA: 2% Acct. Bal.
– EU 4%-6% Acct. Bal.
Online Funds to Cash: 9% - 40% Commission
PayPal Account: 6%-20% of Balance
Online Game Hackers: $16k/mo in China
Remote Admin Tool: $40 for Blackshades
Website Traffic: $1 for 1,000 Fake Visitors
Thought: If a hacker is selling access to compromised
computer for 18 cents, or gmail account for 20 cents,
how much must it cost to break into that computer???
34. Bibliography:
The Psyche of Cybercriminals: A
Psycho-Social Perspective
Marcus K. Rogers
http://202.154.59.182/mfile/files/Information%20System/Cybercrimes%20A%20Multidisciplinary%20Analysis/Chapter%201
4%20The%20Psyche%20of%20Cybercriminals%3B%20A%20Psycho-Social%20Perspective.pdf
36. Bibliography:
Live CyberAttack Map, courtesy of Norse CyberSecurity:
http://map.ipviking.com/
Data Breaches (Bubble Infographic)
http://www.informationisbeautiful.net/visualizations/worlds-
biggest-data-breaches-hacks/static/
Editor's Notes
http://map.ipviking.com/
Norse tracks >50,000 attacks per second.
10,000 new species/variants of malware per day
1 Billion IP Addresses
Operates in 47 countries
6,000 common types of devices attacked.
http://map.ipviking.com/
Norse tracks >50,000 attacks per second.
10,000 new species/variants of malware per day
1 Billion IP Addresses
Operates in 47 countries
6,000 common types of devices attacked.
http://map.ipviking.com/
Norse tracks >50,000 attacks per second.
10,000 new species/variants of malware per day
1 Billion IP Addresses
Operates in 47 countries
6,000 common types of devices attacked.
http://map.ipviking.com/
Norse tracks >50,000 attacks per second.
10,000 new species/variants of malware per day
1 Billion IP Addresses
Operates in 47 countries
6,000 common types of devices attacked.
Motivations of Malware Creation
Malware writers can have various reasons for creating and spreading malware. The following are common reasons:
1. Fun/Hobby/Spreading of ideological
Some malware writers consider their creations to be works of art, and see malware writing as a creative hobby.
2. Jocks/Pranks
Pranks are harmless that merely display an annoying message to programs that can destroy files or disable a computer altogether.
3. Showing computing knowledge/ Gaining respect
A widely spread malware and is observed by mass media can show malware writers’ knowledge and gain great respect in a small group of like-minded people.
4. Industrial espionage
Obtaining secret information about a company by using weaknesses and defects in the company's IT-system is something that is quite common today.
5. Experimental/ Research/Proof of Concepts
Malware are written in laboratories and research facilities for experimental or research purpose. Most of these malware do not spread. Usually malware in labs
and research facilities test systems is called in-the-field. Others malware that have been found infecting users’ computers worldwide in real world are called in-thewild.
6. Vandalism/Graffiti
The intentional destruction of property is popularly referred to as vandalism. It includes behavior such as breaking windows, slashing tires, spray painting a wall
with graffiti, and destroying a computer system through the use of a computer malware. Vandalism is a malicious act and may reflect personal ill will, although
the perpetrators need not know their victim to commit vandalism.
7. Revenge
There are always employees who are not particularly satisfied with their employer. When a programmer or system administrator about to be fired from a job may
leave behind backdoors or software "time bombs" that will allow them to damage the former employer's systems or destroy their own earlier work.
Malware are used to attack the products of specific companies or web sites. According to the FBI, revenge from employees is a very common reason for ITrelated
crimes.
8. Political message
Malware which infects executable files on compromised computers and displays a political message when launched. This type of malware usually targets particular
government organizations.
9. Profit/Financial gain/Extortion
Most malware writers motivated by profit/financial gain are more and more likely to be working with spammers and hackers. One of the most common methods is
by stealing sensitive information which is then sold on the black market to criminal organizations to make a profit.
Some Malware will encrypt some of your files on your computer then it leaves a message to contact a certain email address with a reference number so that you can
buy back your own files.
Joe McReynolds, a researcher of China's network warfare and capabilities for the US Center for Intelligence Research and Analysis
Chinese Professional Hacking (3 groups):
[1] Specialized military network warfare forces -- focus on carrying out network cyberattacks and defense. (PLA Unit#61398, 12-storey building).
[2] Unit of civilian teams granted the go-ahead by the Chinese military to carry out "network warfare operations.”
[3] Umbrella Unit for "external entities" which "can be organized and mobilized for network warfare operations," but act outside of government departments.
Each unit targets US companies in order to steal valuable data related to business and trade.
This, in turn, can give Chinese firms a boost in the global economy.
_____________________________________________________
References:
http://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor
http://www.zdnet.com/article/china-reveals-existence-of-cyber-warfare-hacking-teams/
Joe McReynolds, a researcher of China's network warfare and capabilities for the US Center for Intelligence Research and Analysis
According to McReynolds, China's digital military strategy has been split up into three separate sections. One unit, called "specialized military network warfare forces," focus on carrying out network cyberattacks and defense. Secondly, another unit comprises of civilian teams which have been given the go-ahead by the Chinese military to carry out "network warfare operations." Finally, another unit acts as an umbrella for "external entities" which "can be organized and mobilized for network warfare operations," but act outside of government departments.
The Chinese military expert says that each unit targets US companies in order to steal valuable data related to business and trade. This, in turn, can give Chinese firms a boost in the global economy.
In May, the United States charged five Chinese nationals described as "military hackers" with breaking into US corporate networks to steal sensitive data. These men allegedly belonged to Unit 61398, the focus of a study conducted by FireEye's Mandiant cyberforensics team in 2013.
The report claimed that a 12-story building associated with the PLA hosted this unit, which connects a number of sophisticated Chinese hacking groups including the "Comment Crew" and "Shanghai Group." Mandiant says that Unit 61398 was likely responsible for an "overwhelming" number of cyberattacks, whereas at the time Chinese officials dismissed the allegations as "groundless."
Example: SONY
CYBER WARRIORS / CYBER-WARFARE:
Identify Point-of-Entry
Gather Intelligence on Point-of-Entry
Compromise Perimeter via Point-of-Entry
- Execute Entry-plan: Targeted Spearphishing, Insiders, “weak underbelly”.
ONCE INSIDE:
Reconnoiter / Gather Intelligence
Map Terrain / Connectivity
Identify Primary, Secondary Targets
Identify Vulnerabilitiies
Identify Diversionary Targets
Map Defenses
Profile Individuals, Applications, Behaviors to leverage (avoid detection, compromise systems).
Gain High Ground (acquire a position)
Plan attack.
Establish command-and-control
Establish offsite place to exfiltrate information.
Identify a buyer (or use-point for what is stolen – a ‘fence’).
Execute the attack-plan while avoiding detection and prevention.
CommunicationsDirector@issa-sv.org Add to social profiles & can re-tweet member’s news.
CYBER WARRIORS / CYBER-WARFARE:
Identify Point-of-Entry
Gather Intelligence on Point-of-Entry
Compromise Perimeter via Point-of-Entry
- Execute Entry-plan: Targeted Spearphishing, Insiders, “weak underbelly”.
ONCE INSIDE:
Reconnoiter / Gather Intelligence
Map Terrain / Connectivity
Identify Primary, Secondary Targets
Identify Vulnerabilitiies
Identify Diversionary Targets
Map Defenses
Profile Individuals, Applications, Behaviors to leverage (avoid detection, compromise systems).
Gain High Ground (acquire a position)
Plan attack.
Establish command-and-control
Establish offsite place to exfiltrate information.
Identify a buyer (or use-point for what is stolen – a ‘fence’).
Execute the attack-plan while avoiding detection and prevention.
CommunicationsDirector@issa-sv.org Add to social profiles & can re-tweet member’s news.
Prices Updated August 2014.
(What can be stolen / used for financial gain?)
Information, Services
Info: For own use, to sell, or hold hostage.
Customer Information
Software / Product and R&D Designs
Financial Records
Keys/Control Information to “Hard Assets”
Personal/Private Information (photos, etc).
Services
Computing Power, Information Storage, Control
Services (Phone Service, Cloud)
If I am selling a compromised computer for 18 cents, or gmail account for 20 cents, how much must it cost to break into that computer?