Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ... - Core Security
Vulnerability Assessments, Penetration Tests and Red Teaming – Do you know what these tactics are all about? In this session, we will present our understanding of these practices in terms of when to apply them and what to expect. Nowadays, organizations run on top of hundreds, if not thousands, of Information Technology assets, with some of them on premise and others cloud based. Having control over all of this is a challenging task. Based on our extensive experience with securing our customers, I will show what real findings and attack trends look like while, hopefully, shedding some light on how to be prepared to resist current attacks.
I had the honor of being invited by DLab to deliver a presentation focused on the fundamental aspects of web application security. The objective of this session was to provide attendees with a comprehensive comprehension of the methodologies essential for approaching web applications through a cybersecurity lens. By meticulously exploring key principles and strategies, the presentation aimed to equip participants with a robust foundation for effectively evaluating and safeguarding web applications against potential security threats.
Enhancing Cyber threat hunting for your team | 2021 - KharimMchatta
At the ISACA annual meeting, our presentation delved into diverse strategies aimed at empowering cybersecurity teams to elevate their cyber threat hunting capabilities within their organizational systems. Through a comprehensive exploration of innovative techniques, best practices, and emerging trends, we aimed to equip attendees with actionable insights to proactively identify and mitigate potential threats. By highlighting the significance of continuous improvement in threat hunting methodologies, we sought to contribute to the advancement of effective cybersecurity practices in a rapidly evolving digital landscape.
Importance of cybersecurity in digital transformation | 2023 - KharimMchatta
I had the distinct honor of presenting at the joint event hosted by the Smart Africa Group (SAG) and the American Chamber of Commerce Tanzania (AMCHAM), centered around the theme of digital transformation. During this occasion, my presentation centered on illuminating the pivotal role of cybersecurity within the context of digital transformation. By delineating the significance of prioritizing robust cybersecurity measures, I aimed to emphasize the intrinsic interdependence between technological advancement and safeguarding digital ecosystems. This comprehensive discourse underscored the imperative for a heightened commitment to cybersecurity in order to navigate the evolving digital landscape with resilience and foresight.
Penetration Testing for Cybersecurity Professionals - 211 Check
Penetration Testing for Cybersecurity Professionals is a joint presentation by Charles Chol and Chuol Buok who are both Cyber Security Analysts in South Sudan.
A Deep Introduction to Ethical Hacking - Srashti Jain
The process of uncovering vulnerabilities or errors in a system is known as ethical hacking. I'm going to give you a thorough introduction to ethical hacking.
Current trends in information security by Asst. Prof. Dr. Pramote Kuacharoen - BAINIDA
Current trends in information security by Asst. Prof. Dr. Pramote Kuacharoen
At THE FIRST NIDA BUSINESS ANALYTICS AND DATA SCIENCES CONTEST/CONFERENCE, organized by the School of Applied Statistics and DATA SCIENCES THAILAND
Jon Murphy, National Practice Lead, AOS
Top 10 Trends for 2015 in Information Tech Risk Management
ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is strategic and tactical process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, the ability to deliver on time, and reputation. Organizations need continuous, current, Actionable Insight℠ about probable sources of majorly impactful risks and threats. Then and only then are they adequately prepared to make the smartest investments in continuing education, process improvement, and procedures for the proper use of the right technology for their situation. This multi-media, interactive presentation will cover the current top trends for 2015 in ITRM and that Actionable Insight℠ - what your organization can and should do about likely and impactful IT risks and vulnerabilities.
Ethical Hacking Certifications
There are various ethical hacking certifications available, including:
Certified Ethical Hacker (CEH)
CEH is a certification offered by the International Council of Electronic Commerce Consultants (EC-Council) and is widely recognized in the industry.
Legal and Ethical Issues in Ethical Hacking
Although ethical hacking is a legal and authorized process, it still raises some legal and ethical concerns. Ethical hackers should ensure that they do not violate any laws or compromise the privacy and confidentiality of the system owner’s data. It is essential to obtain proper authorization before conducting ethical hacking activities.
Common Cybersecurity Threats and Vulnerabilities
Some of the most common cybersecurity threats and vulnerabilities include:
Malware
Malware is malicious software designed to harm or gain unauthorized access to a computer system or network.
Phishing
Phishing is a technique used by hackers to trick individuals into divulging sensitive information or access to a system.
Denial of Service (DoS) Attacks
DoS attacks involve flooding a network or computer system with traffic to disrupt its normal functioning.
SQL Injection
SQL injection involves inserting malicious SQL code into the queries an application sends to its database, to access sensitive information or manipulate the database.
Ethical Hacking vs. Penetration Testing
Ethical hacking and penetration testing are often used interchangeably, but they are not the same. Ethical hacking is a broader term that encompasses various techniques to identify and fix security vulnerabilities, while penetration testing is a specific type of ethical hacking that involves testing
Benefits of Ethical Hacking
The benefits of ethical hacking include:
Improved Security
Ethical hacking helps identify vulnerabilities and potential security threats, which can be fixed to improve the overall security of the system.
Cost-Effective
Ethical hacking is a cost-effective way of identifying security threats compared to dealing with a real cyber attack.
Regulatory Compliance
Ethical hacking helps organizations comply with regulatory requirements and avoid legal penalties.
Ethics and Professionalism in Ethical Hacking
Ethical hackers should adhere to a code of ethics and professionalism to ensure they maintain high standards of integrity and honesty. They should not misuse their skills for personal gain or harm others in any way.
Future of Ethical Hacking
The future of ethical hacking looks promising, as organizations continue to prioritize cybersecurity and invest in ethical hacking to identify and fix security vulnerabilities.
Conclusion
Ethical hacking is an essential aspect of cybersecurity that helps identify and fix security vulnerabilities to prevent unauthorized access, data theft, and cyber attacks. Ethical hacking involves various types and requires specific skills, tools, and certifications to perform. However, ethical hacking also raises legal and ethical concerns that should be addr
Security testing tools are only as good as the humans who use them. Learn how to turn an automated security effort into an effective security assessment.
In our webinar “What is Threat Hunting and why do you need it?” we discussed the following key points:
1. What Threat hunting is.
2. Why it is becoming so popular and what kinds of attacks are making it necessary.
3. What the challenges are.
4. Threat Hunting and Investigation services for attacks.
5. Case studies.
Find out more on https://www.pandasecurity.com/business/adaptive-defense/?utm_source=slideshare&utm_medium=social&utm_content=SM_EN_WEB_adaptive_defense&track=180715
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk - BeyondTrust
In this presentation from their joint webinar, security experts and trainers at CQURE, Greg Tworek and Mike Jankowski-Lorek, help you put on your hacker cap to better identify dangerous vulnerabilities, strengthen your systems, and STOP the data breaches that litter the news sites today. They will also demonstrate how to exploit systems and how (from the hacker perspective) this can be proactively mitigated.
Catch the full on-demand webinar here:
https://www.beyondtrust.com/resources/webinar/hackers-playbook-think-like-cybercriminal-reduce-risk/?access_code=de936e36f25bb91acaae7593959af3c1
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh? - Anthony Melfi
Despite being around for well over six years, the position of a "cyber threat analyst" is one that is still not yet clearly defined. The lack of definition is due to the position's popularity and infancy. This talk isn't about stating which definition is right or wrong. This presentation is about the set of skills, concepts and theories which enable an analyst to be successful under any definition of "cyber threat analyst". For beginners it is a road-map. For experienced analysts it is a cross-pollination of ideas.
I was extremely excited and nervous to deliver the first non-keynote presentation at bsides NOVA 2017. The actual presentation is posted to YouTube: https://www.youtube.com/watch?v=Xzd4ousd8-U&list=PLNhlcxQZJSm95e9Z5mvkAk5H3eEBFuVSf&index=19
All These Sophisticated Attacks, Can We Really Detect Them - PDF - Michael Gough
Can we really detect advanced attacks? This session walks through 4 published attacks to point out what we can learn and detect using malware management, some cheat sheets and Security 101. LOG-MD, FILE-MD, Malware Archaeology
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek... - EC-Council
Today there is a dispute over the ethics of operations involving honeypots and honeynets in cyber security. However, many organizations will adopt the use of such techniques and tools to develop defensive strategies to stop attackers. For professional offensive security practitioners, detecting, bypassing, and even avoiding honeypots is a new challenge and much is to be discovered and shared. This brief will work to accomplish these objectives and begin the development of a new framework for Counter Honeypot Operations (CHOps).
How to build a cyber threat intelligence program - Mark Arena
Delivered at ACSC in Canberra on 10 April 2018.
Associated intelligence requirements spreadsheet is available for download at https://www.dropbox.com/s/rtisz5zdy5sl1w1/ACSC-Reqs.xlsx?dl=0
In this presentation we were looking at the state of cybersecurity threats in Africa and the common types of attacks African countries are exposed to.
One of the most common questions asked by newbies is how to get started in cybersecurity. In this presentation I talked about various ways in which people can get started in cybersecurity.
Cybersecurity in the blue economy | 2022 - KharimMchatta
At the annual Tanzania ICT conference, I had the esteemed opportunity to deliver a presentation that intersected the realms of the blue economy and cybersecurity. By bridging these two pivotal domains, the presentation aimed to elucidate the critical symbiosis between the maritime sector's technological advancements and the imperative of robust cybersecurity measures. This comprehensive exploration underscored the necessity for harmonizing sustainable growth in the blue economy with resilient cybersecurity strategies, reflecting the ever-evolving digital landscape's influence on maritime operations and security paradigms.
Commonwealth of Learning cybersecurity training for teachers | 2022 - KharimMchatta
I had the privilege of receiving an invitation from the Commonwealth of Learning to conduct a training session targeted at their members, predominantly comprised of educators and lecturers. The training was meticulously designed to raise awareness within the education sector, focusing on imparting knowledge about cybersecurity measures that both educators and their students can adopt for their protection. Through this engagement, the aim was to equip participants with the necessary insights to navigate potential online risks and ensure a secure digital environment conducive to effective teaching and learning.
While securing one's inaugural position in the realm of cybersecurity might appear straightforward, the process is far from facile. In this presentation, we meticulously examine the multifaceted challenges associated with attaining a foothold in the cybersecurity industry. By delineating diverse strategies and approaches, we aim to impart valuable insights into the nuanced journey of realizing one's professional aspirations. This comprehensive exploration underscores the significance of a strategic and informed approach to ultimately materialize the endeavor of securing an ideal role within the cybersecurity domain.
Cybersecurity and Digital Forensics | 2022 - KharimMchatta
At the ISACA Annual Conference, I delivered a presentation that delved into the interrelation between cybercrime and digital forensics. By examining the intricate connection between these two pivotal domains, I aimed to elucidate the symbiotic relationship that exists, wherein the techniques and methodologies of digital forensics play a crucial role in the investigation and mitigation of cybercrime incidents. Through this comprehensive analysis, attendees gained valuable insights into the dynamic landscape of cyber threats and the essential role digital forensics assumes in the pursuit of effective cybercrime prevention and response strategies.
During this informative session, our focus centered on elucidating various methodologies through which an individual can potentially exploit vulnerabilities within web applications. By engaging with the students from the University of Dodoma, we provided valuable insights into a spectrum of techniques employed when assessing a web application's security resilience. By imparting these multifaceted approaches, our objective was to equip the participants with a comprehensive understanding of potential attack vectors, thereby enhancing their capacity to effectively evaluate and fortify the security posture of web applications.
Cybercrime's accelerated by covid 19 | 2021 - KharimMchatta
During the ISACA Cybersecurity Day, our presentation focused on the surge in cybercrime precipitated by the COVID-19 pandemic. Through a comprehensive analysis, we explored the correlation between the global health crisis and the escalation of cyber threats. By shedding light on the intricate dynamics at play and the vulnerabilities exposed during this period, we aimed to deepen attendees' understanding of the evolving threat landscape and underscore the imperative for robust cybersecurity measures in the face of unprecedented challenges.
Threat Modelling in Penetration Testing | 2021 - KharimMchatta
Threat Modelling holds substantial importance in penetration testing, yet its significance often goes unrecognized. This presentation will elucidate the process of performing effective threat modelling during engagements, encompassing methodologies such as STRIDE and emphasizing real-world cases to underscore the implications of inadequate practices. Attendees will gain practical insights into implementing threat modelling through best practices, fostering a heightened appreciation for its role in enhancing cybersecurity strategies.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success ! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
2. Who am I
• Mchatta Kharim
• CEO at HACK IT Consultancy
• Half a decade of experience in cybersecurity and digital forensics
• My experience revolves around various industries including financial institutions, education institutions, government institutions, non-profit organizations, telecommunication, research institutes, publication institutes etc.
Kenya
• Public Speaking
• Training
• CTF Competition
• Mentor
Tanzania
• Public Speaking
• Training
• CTF Competition
• Digital Forensics
• Penetration Testing
• Curriculum Creation
• Public Speaking
Egypt
• Public Speaking
• Public Speaking
Morocco
Rwanda
• Public Speaking
Nigeria
• Penetration testing
Ghana
• Penetration testing
• Public speaking
South Africa
• Penetration testing
Benin
Uganda
• Public Speaking
Experience in Africa
3. Experience in USA & Europe
• Penetration Testing US Department of Defense
United States of America
UK
• Author at eForensics Magazine
• Author at PenTest Magazine
• Penetration testing (Research Institute)
Poland
Germany
• Subject Matter Expert (DW Swahili)
4. CYBERSECURITY IN DIGITAL TRANSFORMATION
Today's talk will be around:
What is threat modelling
- Business Perspective (Blue teaming)
- Attacker's Perspective (Red teaming)
Key takeaway of threat modelling
Reasons why we threat model
5. THREAT MODELLING
Definitions:
What is threat modelling
a. The business perspective (Blue teaming perspective)
b. The attacker's perspective (Red teaming perspective)
In threat modelling there are two perspectives that people need to understand, depending on the occupation that you are in
9. THREAT MODELLING (REALWORLD SCENARIO)
Application A: Internal Web Server, Milk company
Application B: Third party Web Server, Tea company
From the two companies, who is going to spend a lot of resources to secure their application, and why?
10. THREAT MODELLING (ATTACKER’S PERSPECTIVE)
Threat modelling from a business perspective is the process of
ASSETS: Firewall, Server, Credentials, Admin Panel, Hidden Directories, Databases
ATTACKERS: Hackers
11. THREAT MODELLING (ATTACKER’S PERSPECTIVE)
Threat modelling helps attackers identify the shortest route to the end goal
THREAT MODELLING
1. Understand your target - Understand your target's business model and what their assets are
2. What are your objectives - Identify what your end goal is, e.g. to see what less privileged users can do in the system
3. List of tasks to do - You must have a checklist of things that you must do
4. Attack vectors to cover - What attack vectors are going to be used: authentication, non-authentication, social engineering etc.
5. Hindrance of attack vector - What is going to make your attacks unsuccessful: firewalls, filtering mechanisms, IDPS, scripting disabled, enumeration disabled, changing of administrative URL etc.
Mmmhh!!! I guess this threat modelling stuff isn’t bad after all
12. THREAT MODELLING (ATTACKER’S PERSPECTIVE)
This is one of the ways in which an attacker would approach their target.
Rookie
Website
Access
Admin Panel
Credentials
Password guessing
Authentication Attacks
Check for technology used
Check if there is existence of WAF
Check for filtering mechanism
Hidden Directories
Look for misconfiguration
Backup files, Config files etc
Non - Authentication Attacks
13. THREAT MODELLING (OUTCOME FROM BUSINESS)
Business Outcome of threat modelling
a. Identifying assets owned by the company
b. What threats are the assets exposed to
c. Helps to identify which assets need more emphasis on security
d. Increase asset security
14. THREAT MODELLING (OUTCOME FROM BUSINESS)
Attacker's Outcome of threat modelling
a. Find the shortest route to the target
b. Efficiency and precision in their attacks
c. Saves time for the attacker
15. “If you don’t invest in cybersecurity, you will be dead”
Stephen Kwame – MD of SIC Insurance
CYBERSECURITY IN DIGITAL TRANSFORMATION