Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business

•Download as PPTX, PDF•

0 likes•360 views

The document discusses how to think like an adversary to improve cybersecurity defenses. It recommends organizations know their adversary by understanding who they are, their motivations, tactics and techniques, vulnerabilities they may exploit, and potential indicators of compromise. It also stresses the importance of knowing yourself by understanding your assets, vulnerabilities, security solutions, incident response plans, security awareness, and risk appetite. The document provides examples of external and internal sources that can help with understanding adversaries and yourself, such as open source tools, security information and event management data, and forensic analysis. It also discusses using scenarios, use cases and simulations to think like an adversary and improve preparedness.

Technology

Think like a Bad Guy
h n g m p a v
o c o r u n s
Presented by,
Saqib Chaudhry
Chief Information Security Officer

Vision for Cyber Security
VISIBILITY
Organizational Security
Posture
Cyber Footprint
INTELLIGENCE
Correlation
Actionable & Fit-for-Purpose
Information
PREDICTABILITY
Predictive Analytics
Ability to Predict Future Attacks
& Potential Compromises

Understanding Anatomy Of A Cyber Attack
• Campaign: to target an industry sector with a specific intent
• Exploit Target: a system with vulnerabilities which are potentially exploitable by the attacker's’ TTP
• Course of Action: actions taken either in response to an attack or as a preventative measure
• Incident: information about a cyber security incident
• Indicator: specific Observable patterns combined with contextual information to represent artifacts of potential or active attack

So, How should We Prepare ?
Know The Adversary Know Yourself

Know Yourself & Your Adversary
Know Adversary
•Who are the Actors?
•What is their motivation?
• What Tactics , Techniques & Procedures (TTP)
they might use?
• What Vulnerabilities they might exploit?
•What could be the indicators of compromise?
Know Yourself
•What assets do you have ?
•What is the criticality of the assets?
•What security vulnerabilities do you have?
•What detective and preventive solutions do you
have ?
•How good is your Cyber incident response plan?
•What level of Cyber security awareness exits
within the organization?
• What is the Organization’s risk appetite?

Sources You can use to know about Your Adversary
External
Sources
Commercial
Feeds
CERTS
Intelligence
Community
Geo IP Data
Hash Databases
Underground
Forums
Government
Feeds
Community
Groups
Internal
Sources
SEIM Solution
Deceptive/
Honeypot
Solutions
User/System
Behavior
Analytics
Forensic Analysis
Intrusion
Prevention
Anti-Malware
Forensic Analysis

Sources You can use to know about Yourself
External
External
Vulnerability
Assessments
Penetration Test
Commercial
Services
Open Source
Tools
Internal
Vulnerability
Assessment
SEIM
Data
Classification
Asset Inventory
Cyber Security
Threat Modelling
Incident
Response
Processes

Think Like a Bad Guy - Scenarios & Use Cases

Think Like a Bad Guy - Use Case Execution

Cyber Threat Intelligence OpenSources
Open Source Intelligence (OSINT)
Social Media Intelligence (SOCMINT)
Human Intelligence (HUMINT)
Deep & Dark Web Intelligence
Structured Threat Info Exp (STIX)
Trusted automated Exc Indicator (TAXII)
Cyber observable expression (CyBOX )
Information Sharing Specifications for Cyber Security
Cyber threat Security intelligence
Know yourself before the Enemy knows you
IT
OSINT - Media , Video Sharing sites, Public data, Social sites
SOCMINT – Social Channels & Conversations
HUMINT – Imagery , Signals , Signature intelligence, Refugees,
Prisoners of war , Military attaches , Espionage
IT

Add Maturity & Predictability to Your Cyber Threat Management
Program
Trending Historical Assessment
User
Behavior
System
Behavior
Threat
Modelling
Red/Blue
Teaming
Artificial
Intelligence
Program
Maturity
Predictive
Analytics

The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by. Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs. Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making. View to learn: --The difference between threat information and threat intelligence. --Available sources of intelligence and how to determine if they apply to your business. --Key steps for preparing to ingest threat information and turn it into intelligence. --How to derive useful data that helps you achieve your business goals. --Tools that are available to make collaboration easier.

Building an Effective Cyber Intelligence ProgramLondon School of Cyber Security

Cyber Threat Intelligence

Marlabs

Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc

Practical and Actionable Threat Intelligence Collection

Seamus Tuohy

A great deal of the existing human rights reporting and analysis aggregate and strip away contextual information in order to produce “quantified knowledge” that is technically reliable and useful for governmental decision making. The results produced often end up too delayed, partial, distorted, and misleading to be used by local actors and human rights defenders to directly respond to the threats that they face. Those who could benefit most from the human rights knowledge being collected and shared in the digital world are those that existing repositories of information serve the least. In this presentation I will provide concrete guidance on approaches for adopting data-rich, practical, and actionable threat information collection. In this content heavy 1.5 hour talk I will discuss a range of tools and techniques for seeking out sources of actionable information, distinguishing valuable information from useless but interesting information, and streamlining your information collection and analysis process to allow you to focus on your real work. This talk WON’T be focused on collecting or sharing threat intelligence and/or human rights research aimed at evidence creation or changing the public dialogue. It WILL be focused on helping you identify, collect, and use publicly available sources of information to respond to your changing threat landscape.

Cyber Threat Intelligence: Building and maturing an intelligence program that...

Mark Arena

Cyber Threat Intelligence | Information to Insight

Deep Shankar Yadav

Cyber Threat Intelligence

ZaiffiEhsan

Cyber Threat Intelligence - It's not just about the feeds

Iain Dickson

Presented at BSides Perth 2019 Synopsis: Although the practice of collecting and using intelligence has been studied and conducted by governments and the military for centuries, it’s relative application to Cyber Security has only recently been highlighted. This area of infosec has been termed Cyber Threat Intelligence, where the marriage of traditional intelligence techniques and analysis with deep technical understanding within the Cyber domain are used to predict future actions by threats through long term analysis and modelling. This approach is then used to support both proactive and reactive cyber security actions, from incident response to penetration testing. This presentation focuses on threat intelligence from a practical data perspective, moving away from just the commercial concept of threat intelligence feeds (although these form one part of the equation). This presentation will approach threat intelligence from an analysts perspective of what questions needs to be answered to effectively investigate an incident, using the Diamond Model and Cyber Kill Chain as framing devices. These questions will then lead to examples of the data that can be used to answer these questions. Although traditionally data collection has focused on external cyber information, more often than not however, it’s actions outside of those seen within an organisations network, or even outside cyberspace that can provide context to the actions a threat takes. Finally, we provide a number of use cases on which the results of threat intelligence processes can be applied within a Security Operations Centre, including Incident Response as well as traditional Penetration Testing and Red Teaming.

Matthew Rosenquist's Understanding APT Threat Agent Characteristics is Key to Prioritizing Risks presentation at the 2015 Global APT Defense Summit in Los Angeles. Prioritizing risks is critical for any sustainable security capability. Understanding the abilities, methods, and objectives of advanced attackers is key in identifying the most critical vulnerabilities and the proper allocation of resources to manage risks.

The Cybercriminal Underground: Understanding and categorising criminal market...

Mark Arena

Delivered at ACSC in Canberra on 11 April 2018. I uploaded a version with easier to read font colours at https://www.slideshare.net/MarkArena/the-cybercriminal-underground-understanding-and-categorising-criminal-marketplace-activity-93856202 This presentation builds upon previous research Intel 471 has undertaken with Dhia Majoub (Cisco/OpenDNS) and Jason Passwaters (Intel 471) Upgrading your Cyber Threat Intelligence to Track Down Criminal Hosting Infrastructure Dhia Majoub - https://www.sans.org/summit-archives/file/summit-archive-1517343456.pdf VB 2017: BPH exposed - RBN never left they just adapted and evolved. Did you? Jason Passwaters / Dhia Majoub - https://www.virusbulletin.com/conference/vb2017/abstracts/bph-exposed-rbn-never-left-they-just-adapted-and-evolved-did-you

How to build a cyber threat intelligence program

Mark Arena

Threat intelligence in security

Osama Ellahi

Threat intelligence is knowledge that allows you to prevent or mitigate cyberattacks. Rooted in data, threat intelligence gives you context that helps you make informed decisions about your security by answering questions like who is attacking you, what their motivations and capabilities are, and what indicators of compromise in your systems to look for. reference:https://www.recordedfuture.com/threat-intelligence-definition/

The Cybercriminal Underground: Understanding and categorising criminal market...

Mark Arena

Delivered at ACSC in Canberra on 11 April 2018. Better font colours. This presentation builds upon previous research Intel 471 has undertaken with Dhia Majoub (Cisco/OpenDNS) and Jason Passwaters (Intel 471) Upgrading your Cyber Threat Intelligence to Track Down Criminal Hosting Infrastructure Dhia Majoub - https://www.sans.org/summit-archives/file/summit-archive-1517343456.pdf VB 2017: BPH exposed - RBN never left they just adapted and evolved. Did you? Jason Passwaters / Dhia Majoub - https://www.virusbulletin.com/conference/vb2017/abstracts/bph-exposed-rbn-never-left-they-just-adapted-and-evolved-did-you

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Santiago Bassett

Threat Intelligence has become increasingly important as the number and severity of threats is growing continuously. We live in an era where our prevention technologies are not enough anymore, antivirus products fail to detect new or sophisticated pieces of malware, our firewalls and perimeter defenses are easily bypassed and the attacker’s techniques are growing in complexity. In this new landscape, sharing threat intelligence has become a key component to mitigate cyber-attacks. In this session we will define what Threat Intelligence is and discuss how to collect and integrate threat intelligence from public sources. In addition, we’ll demonstrate how to build your own Threat Intelligence data using Open Source tools such as sandboxes, honeypots, sinkholes and other publicly available tools. The industry’s reticence to share information about attack vectors gives the adversary a huge advantage. Using Threat Intelligence we can reduce this advantage and enable preventative response. We will guide you through the different standards (OpenIOC, STIX, MAEC, OTX, IODEF…) to describe and share cyber intelligence, as well as Open Source Frameworks such as CIF (Collective Intelligence Framework) that allows you to combine different threat sources. One of the biggest problems with Threat Intelligence is finding out how to take advantage of the data you have to actually improve the detection/prevention capabilities in your environment. We will describe how to leverage Threat Intelligence to detect threats and provide defenses, and we will focus on how to use Open Source Tools (Suricata, OSSIM, OSSEC, Bro, Yara…) to get the most of your Threat Intelligence. Presenters: Jaime Blasco and Santiago Bassett Cornerstones of Trust 2014: https://www.cornerstonesoftrust.com

Effective Threat Hunting with Tactical Threat Intelligence

Dhruv Majumdar

Cyber Threat Hunting: Identify and Hunt Down Intruders

Infosec

View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd View companion webinar: "Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series. Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders. The webinar covers: - The job duties of a Cyber Threat Hunting professional - Frameworks and strategies for Cyber Threat Hunting - How to get started and progress your defensive security career - And questions from live viewers! Learn about InfoSec Institute's Cyber Threat Hunting couse here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/

Threat Intelligence

Deepak Kumar (D3)

Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)

Open Analytics

Building a Successful Threat Hunting Program

Carl C. Manion

Understanding the key components necessary to build a successful threat hunting program starts with visibility, the appropriate tools and automation. Skilled, experienced analysts, engineers and incident responders with analytical minds who can apply concepts and approaches to a variety of different toolsets are also instrumental to the process. In this presentation, We'll describe and discuss some of the most common challenges, recommended best practices, and focus areas for achieving an effective threat hunting capability based on lessons learned over the past 15 years.

Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...

Albert Hui

Threat Hunting 101: Intro to Threat Detection and Incident Response

Infocyte

Join Infocyte's Vice President of Customer and Partner Success, Chris Mills, for Threat Hunting 101: An intro to using Infocyte HUNT to detect, investigate, and respond to advanced persistent threats, file-less malware, and other sophisticated attacks. Beyond these slides, please reference the video for additional insight and instruction on how to use our Threat Hunting and Incident Response platform.

Careers in Cyber Security

Deep Shankar Yadav

Cyber Threat Intelligence Solution Demonstration

SurfWatch Labs

Crowd-Sourced Threat Intelligence

AlienVault

This talk will include an overview and demo of the Open Threat Exchange (OTX) and describe some of its information sources, including anonymous sharing from Open Source Security Information Management (OSSIM.) Jaime will share some of his experiences using OTX as a security researcher. He will also provide his thoughts on how OWASP members can benefit from security research and threat intelligence to "build in" security rather than constantly reacting.

The Sweet Spot of Cyber Intelligence

Tieu Luu

What is Threat Hunting? - Panda Security

Panda Security

In our webinar “What is Threat Hunting and why do you need it?" we discussed the folowing key points: 1. What Threat hunting is. 2. Why it is becoming so popular and what kinds of attacks are making it necessary. 3. What the challenges are. 4. Threat Hunting and Investigation services for attacks. 5. Case studies. Find out more on https://www.pandasecurity.com/business/adaptive-defense/?utm_source=slideshare&utm_medium=social&utm_content=SM_EN_WEB_adaptive_defense&track=180715

Ethical Hacking by Krutarth Vasavada

Krutarth Vasavada

Threat Intelligence: State-of-the-art and Trends - Secure South West 2015

Andreas Sfakianakis

AI and Cybersecurity - Food for Thought

NUS-ISS

“AI is the new electricity” proclaims Andrew Ng, co-founder of Google Brain. Just as we need to know how to safely harness electricity, we also need to know how to securely employ AI to power our businesses. In some scenarios, the security of AI systems can impact human safety. On the flip side, AI can also be misused by cyber-adversaries and so we need to understand how to counter them. This talk will provide food for thought in 3 areas: Security of AI systems Use of AI in cybersecurity Malicious use of AI

What's hot

Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin

2015 Global APT Summit Matthew Rosenquist

Matthew Rosenquist

The Cybercriminal Underground: Understanding and categorising criminal market...

Mark Arena

How to build a cyber threat intelligence program

Mark Arena

Threat intelligence in security

Osama Ellahi

The Cybercriminal Underground: Understanding and categorising criminal market...

Mark Arena

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Santiago Bassett

Effective Threat Hunting with Tactical Threat Intelligence

Dhruv Majumdar

Cyber Threat Hunting: Identify and Hunt Down Intruders

Infosec

Threat Intelligence

Deepak Kumar (D3)

Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)

Open Analytics

Building a Successful Threat Hunting Program

Carl C. Manion

Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...

Albert Hui

Threat Hunting 101: Intro to Threat Detection and Incident Response

Infocyte

Careers in Cyber Security

Deep Shankar Yadav

Cyber Threat Intelligence Solution Demonstration

SurfWatch Labs

Crowd-Sourced Threat Intelligence

AlienVault

The Sweet Spot of Cyber Intelligence

Tieu Luu

What is Threat Hunting? - Panda Security

Panda Security

What's hot (19)

Threat Intelligence 101 - Steve Lodin - Submitted

2015 Global APT Summit Matthew Rosenquist

The Cybercriminal Underground: Understanding and categorising criminal market...

How to build a cyber threat intelligence program

Threat intelligence in security

The Cybercriminal Underground: Understanding and categorising criminal market...

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Effective Threat Hunting with Tactical Threat Intelligence

Cyber Threat Hunting: Identify and Hunt Down Intruders

Threat Intelligence

Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)

Building a Successful Threat Hunting Program

Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...

Threat Hunting 101: Intro to Threat Detection and Incident Response

Careers in Cyber Security

Cyber Threat Intelligence Solution Demonstration

Crowd-Sourced Threat Intelligence

The Sweet Spot of Cyber Intelligence

What is Threat Hunting? - Panda Security

Similar to Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business

Ethical Hacking by Krutarth Vasavada

Krutarth Vasavada

Threat Intelligence: State-of-the-art and Trends - Secure South West 2015

Andreas Sfakianakis

AI and Cybersecurity - Food for Thought

NUS-ISS

13734729.ppt

AmitPandey388410

How to Mitigate Risk From Your Expanding Digital Presence

SurfWatch Labs

How To Turbo-Charge Incident Response With Threat Intelligence

Resilient Systems

Minutes, hours, days - each one counts when responding to a security incident. Yet most firms have a lot of room for improvement. According to the 2013 Verizon Data Breach Investigations Report, in 66% of cases (up from 56% last year), breaches remained undiscovered for years, and in 22% of cases, it took months to fully contain the incident. This webinar will review the challenges firms face in trying to create a rapid and decisive incident response (IR) process. It will then highlight the crucial role that timely, contextual threat intelligence can play in turbo-charging incident response, particularly when tightly integrated with the broader IR discipline. Finally, it will reveal the power of this approach by demonstrating Co3's integrated threat intelligence capabilities including intel from industry-leader iSIGHT Partners.

Road map for actionable threat intelligence

abhisheksinghcs

disinformation risk management: leveraging cyber security best practices to s...

Sara-Jayne Terp

2015 Global APT Summit - Understanding APT threat agent characteristics is ke...

Matthew Rosenquist

APT attacks originate from people, against a specific target, for an explicit malicious purpose. Attempting to protect all assets from every type of attack is not reasonable or sustainable. Understanding the archetypes of Threat Agents is key to an effective defense. Knowing the capabilities, objectives, and most likely methods of APTs targeting your organization provides predictive insights to where prevention, detection, and response tools and processes will have maximum impact. Such analysis complements the traditional vulnerability management structures which look generically for weaknesses.

Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx

manas23pgdm157

OSB50: Operational Security: State of the Union

Ivanti

Why_TGTOP GUN

Actionable Threat Intelligence

OWASP Delhi

Artificial Intelligence – Time Bomb or The Promised Land?

Raffael Marty

Companies have AI projects. Security products use AI to keep attackers out and insiders at bay. But what is this "AI" that everyone talks about? In this talk we will explore what artificial intelligence in cyber security is, where the limitations and dangers are, and in what areas we should invest more in AI. We will talk about some of the recent failures of AI in security and invite a conversation about how we verify artificially intelligent systems to understand how much trust we can place in them. Alongside the AI conversation, we will discover that we need to make a shift in our traditional approach to cyber security. We need to augment our reactive approaches of studying adversary behaviors to understanding behaviors of users and machines to inform a risk-driven approach to security that prevents even zero day attacks.

C4I cyber secuirty by Eric Eifert - Keynote 9.pptx

bakhtinasiriav

Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...

maximumnetworks

Cyber Threat Hunting Workshop

Digit Oktavianto

Ethical hacking a licence to hackamrutharam

Cyber Threat Hunting Workshop.pdf

ssuser4237d4

Cyber Threat Hunting Workshop.pdf

ssuser4237d4

Similar to Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business (20)

Ethical Hacking by Krutarth Vasavada

Threat Intelligence: State-of-the-art and Trends - Secure South West 2015

AI and Cybersecurity - Food for Thought

13734729.ppt

How to Mitigate Risk From Your Expanding Digital Presence

How To Turbo-Charge Incident Response With Threat Intelligence

Road map for actionable threat intelligence

disinformation risk management: leveraging cyber security best practices to s...

2015 Global APT Summit - Understanding APT threat agent characteristics is ke...

Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx

OSB50: Operational Security: State of the Union

Why_TG

Actionable Threat Intelligence

Artificial Intelligence – Time Bomb or The Promised Land?

C4I cyber secuirty by Eric Eifert - Keynote 9.pptx

Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...

Cyber Threat Hunting Workshop

Ethical hacking a licence to hack

Cyber Threat Hunting Workshop.pdf

Recently uploaded

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Mind map of terminologies used in context of Generative AI

Kumud Singh

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

DevOps and Testing slides at DASA Connect

Kari Kakkonen

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Recently uploaded (20)

National Security Agency - NSA mobile device best practices

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Essentials of Automations: The Art of Triggers and Actions in FME

Introduction to CHERI technology - Cybersecurity

Video Streaming: Then, Now, and in the Future

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Pushing the limits of ePRTC: 100ns holdover for 100 days

Artificial Intelligence for XMLDevelopment

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

GraphRAG is All You need? LLM & Knowledge Graph

Mind map of terminologies used in context of Generative AI

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

DevOps and Testing slides at DASA Connect

How to Get CNIC Information System with Paksim Ga.pptx

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Communications Mining Series - Zero to Hero - Session 1

Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business

1. Think like a Bad Guy h n g m p a v o c o r u n s Presented by, Saqib Chaudhry Chief Information Security Officer

2. Vision for Cyber Security VISIBILITY Organizational Security Posture Cyber Footprint INTELLIGENCE Correlation Actionable & Fit-for-Purpose Information PREDICTABILITY Predictive Analytics Ability to Predict Future Attacks & Potential Compromises

3. Understanding Anatomy Of A Cyber Attack • Campaign: to target an industry sector with a specific intent • Exploit Target: a system with vulnerabilities which are potentially exploitable by the attacker's’ TTP • Course of Action: actions taken either in response to an attack or as a preventative measure • Incident: information about a cyber security incident • Indicator: specific Observable patterns combined with contextual information to represent artifacts of potential or active attack

4. So, How should We Prepare ? Know The Adversary Know Yourself

5. Know Yourself & Your Adversary Know Adversary •Who are the Actors? •What is their motivation? • What Tactics , Techniques & Procedures (TTP) they might use? • What Vulnerabilities they might exploit? •What could be the indicators of compromise? Know Yourself •What assets do you have ? •What is the criticality of the assets? •What security vulnerabilities do you have? •What detective and preventive solutions do you have ? •How good is your Cyber incident response plan? •What level of Cyber security awareness exits within the organization? • What is the Organization’s risk appetite?

6. Sources You can use to know about Your Adversary External Sources Commercial Feeds CERTS Intelligence Community Geo IP Data Hash Databases Underground Forums Government Feeds Community Groups Internal Sources SEIM Solution Deceptive/ Honeypot Solutions User/System Behavior Analytics Forensic Analysis Intrusion Prevention Anti-Malware Forensic Analysis

7. Sources You can use to know about Yourself External External Vulnerability Assessments Penetration Test Commercial Services Open Source Tools Internal Vulnerability Assessment SEIM Data Classification Asset Inventory Cyber Security Threat Modelling Incident Response Processes

8. Think Like a Bad Guy - Scenarios & Use Cases

9. Think Like a Bad Guy - Scenarios & Use Cases

10. Think Like a Bad Guy - Use Case Execution

11. Cyber Threat Intelligence OpenSources Open Source Intelligence (OSINT) Social Media Intelligence (SOCMINT) Human Intelligence (HUMINT) Deep & Dark Web Intelligence Structured Threat Info Exp (STIX) Trusted automated Exc Indicator (TAXII) Cyber observable expression (CyBOX ) Information Sharing Specifications for Cyber Security Cyber threat Security intelligence Know yourself before the Enemy knows you IT OSINT - Media , Video Sharing sites, Public data, Social sites SOCMINT – Social Channels & Conversations HUMINT – Imagery , Signals , Signature intelligence, Refugees, Prisoners of war , Military attaches , Espionage IT

12. Add Maturity & Predictability to Your Cyber Threat Management Program Trending Historical Assessment User Behavior System Behavior Threat Modelling Red/Blue Teaming Artificial Intelligence Program Maturity Predictive Analytics

13. Good Cyber Threat Intelligence Reads

Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business

Similar to Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business (20)

Recently uploaded

Recently uploaded (20)

Think Like a Bad Guy "Hacker" - Change the game to proactively protect your business