In my opinion, cheating acceptable - it merely means expanding the frame of an application to the point, which is beyond what the creators of the application have ever imagined. In this talk, we explore how the popular instumentalisation framework Frida can be used to hack applications from games to mobile banking applications.
Pull vs Push is the hot topic when you starts to evaluate a monitoring system. During this talk I showed how Prometheus and InfluxDB work and how you can get service discovery and pull mechanism with InfluxDB. The demo is linked as github repository.
Continuous Integration is a necessary evil in any software company. Whether you are running an internal Jenkins cluster or outsourcing to a hosted service, a CI pipeline is likely part of your application or infrastructure build process. This talk discusses how HashiCorp's open source tools can help alleviate the common pitfalls of CI challenges.
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour December 2020
By Jacob Benjamin, Principal Industrial Consultant Dragos, INL, & University of Idaho
Design Basis Threat (DBT) is concept introduced by the Nuclear Regulatory Commission (NRC). It is a profile of the type, composition, and capabilities of an adversary. DBT is the key input nuclear power plants use for the design of systems against acts of radiological sabotage and theft of special nuclear material. The NRC expects its licensees, nuclear power plants, to demonstrate that they can defend against the DBT. Currently, cyber is included in DBTs simply as a prescribed list of IT centric security controls. Using MITRE’s ATT&CK framework, Cyber DBTs can be created that are specific to the facility, its material, or adversary activities.
A large amount of current malware uses various anti-virtual-machine techniques in order to avoid detection by analysis. These techniques allow the malware to detect the virtual machine which will then execute a benign action or simply do nothing. Many of these techniques are bases on finding specific files in the system or consulting some windows registry keys. The purpose of this research is to study the characteristics of the ORacle Virtual Box virtualized system and try to replicate the configuration on a physical computer, in order to trick malware into thinking it is in a virtual environment and thus not triggering its execution.
Pull vs Push is the hot topic when you starts to evaluate a monitoring system. During this talk I showed how Prometheus and InfluxDB work and how you can get service discovery and pull mechanism with InfluxDB. The demo is linked as github repository.
Continuous Integration is a necessary evil in any software company. Whether you are running an internal Jenkins cluster or outsourcing to a hosted service, a CI pipeline is likely part of your application or infrastructure build process. This talk discusses how HashiCorp's open source tools can help alleviate the common pitfalls of CI challenges.
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour December 2020
By Jacob Benjamin, Principal Industrial Consultant Dragos, INL, & University of Idaho
Design Basis Threat (DBT) is concept introduced by the Nuclear Regulatory Commission (NRC). It is a profile of the type, composition, and capabilities of an adversary. DBT is the key input nuclear power plants use for the design of systems against acts of radiological sabotage and theft of special nuclear material. The NRC expects its licensees, nuclear power plants, to demonstrate that they can defend against the DBT. Currently, cyber is included in DBTs simply as a prescribed list of IT centric security controls. Using MITRE’s ATT&CK framework, Cyber DBTs can be created that are specific to the facility, its material, or adversary activities.
A large amount of current malware uses various anti-virtual-machine techniques in order to avoid detection by analysis. These techniques allow the malware to detect the virtual machine which will then execute a benign action or simply do nothing. Many of these techniques are bases on finding specific files in the system or consulting some windows registry keys. The purpose of this research is to study the characteristics of the ORacle Virtual Box virtualized system and try to replicate the configuration on a physical computer, in order to trick malware into thinking it is in a virtual environment and thus not triggering its execution.
Emulate virtual machines to avoid malware infections - GrrCON 2014jordivazquez
A large amount of current malware uses various anti-virtual-machine techniques in order to avoid detection by analysis. These techniques allow the malware to detect the virtual machine which will then execute a benign action or simply do nothing. Many of these techniques are bases on finding specific files in the system or consulting some windows registry keys. The purpose of this research is to study the characteristics of the ORacle Virtual Box virtualized system and try to replicate the configuration on a physical computer, in order to trick malware into thinking it is in a virtual environment and thus not triggering its execution.
This talk is a collection of my thoughts and observations since my early infosec days - some technical, some philosophical and some pointed questions for all of us to reflect upon. I would like to talk about my journey in the information security industry, from the fledgling years in the late 90s where I was still entrenched in academia to the present day where infosec is redefining the world's political boundaries, literally and figuratively.
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Stève Sfartz - Meeting rooms are talking! Are you listening? - Codemotion Ber...Codemotion
How can you tell if meeting room A302 is occupied right now? Ask an API! The same Cisco Collab devices that provide high-quality video are also embedding a rich API where you can get real-time info and create a personalized experience with custom UI controls. In this talk, we’ll detail how to create controls to turn off the lights or take the curtains down, how to build interactive maps that show rooms occupation in React, or build a Maze game in Javascript and deploy it to the latest Cisco Collab devices. If you love modern user experiences, IoT, know a bit Javascript, come get inspired!
Stève Sfartz - Meeting rooms are talking! Are you listening? - Codemotion Ber...Codemotion
How can you tell if meeting room A302 is occupied right now? Ask an API! The same Cisco Collab devices that provide high-quality video are also embedding a rich API where you can get real-time info and create a personalized experience with custom UI controls. In this talk, we’ll detail how to create controls to turn off the lights or take the curtains down, how to build interactive maps that show rooms occupation in React, or build a Maze game in Javascript and deploy it to the latest Cisco Collab devices. If you love modern user experiences, IoT, know a bit Javascript, come get inspired!
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.ioCA Technologies
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.io
For more information on CA Accelerator, please visit: http://ow.ly/Mbww50fO7a8
HITCON 2015 - DGAs, DNS and Threat IntelligenceJohn Bambenek
Domain Generation Algorithms (DGAs) and DNS provide a layer of resilience to botnets and malware. They also provide new and novel ways to monitor and surveil malicious networks. This talk will discuss methods you can use to turn DGAs and DNS against malware operators in order to better protect your enterprise.
A presentation of some of the security features and APIs in iPhone OS, allowing discussion of the threat model underlying Apple's chosen mitigation technology.
Panoramic | Snowflake Office Hours August 27, 2019PanoramicHQ
Data is the core of Panoramic’s business. It’s our job to help marketers see past the dense “data fog” to actionable insights. If the data isn’t accurate and accessible, we don’t have a product. Prior to working with Snowflake, we were challenged with building data processing systems on top of “legacy” or “bleeding edge” stacks. In this session, we’ll discuss how Snowflake’s modern data processing stack helped us overcome those challenges and the positive outcomes experienced as a result.
Presented on April 14, 2018 at CarolinaCon (https://www.carolinacon.org). This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
Presented on May 9, 2018 at SOURCE Conference Boston
(https://sourceconference.com/events/bos18/).
This version contains minor updates from previous presentations.
This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
Experts from Symantec and MITRE explore the latest research and best practices for detecting targeted ransomware in your environment.
Watch on-demand webinar here: https://symc.ly/2L7ESFI.
With our recent work, asynchronous super parallel grabber, we show how one should work with networks that have very high RTTs -- the dark web for example. We then look how well it applies for the mass-scraping of clear/dark web services, getting some impressive results -- all of the scraping works done from the dark web as a bonus. (Hacker's Party 2019 The Conference talk) #hackersparty
Vincent Ruijter - ~Securing~ Attacking Kuberneteshacktivity
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and offers the capability to the users to take care of only those things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP, RDP or SSH then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 12km on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. It will be show how to tunnel data over a Windows jumpbox utilising RDP (including the dirty low level "secrets") or how to exfiltrate data over ICMP from barely secured networks. We have simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
More Related Content
Similar to Zsombor Kovács - Cheaters for Everything from Minesweeper to Mobile Banking Applications
Emulate virtual machines to avoid malware infections - GrrCON 2014jordivazquez
A large amount of current malware uses various anti-virtual-machine techniques in order to avoid detection by analysis. These techniques allow the malware to detect the virtual machine which will then execute a benign action or simply do nothing. Many of these techniques are bases on finding specific files in the system or consulting some windows registry keys. The purpose of this research is to study the characteristics of the ORacle Virtual Box virtualized system and try to replicate the configuration on a physical computer, in order to trick malware into thinking it is in a virtual environment and thus not triggering its execution.
This talk is a collection of my thoughts and observations since my early infosec days - some technical, some philosophical and some pointed questions for all of us to reflect upon. I would like to talk about my journey in the information security industry, from the fledgling years in the late 90s where I was still entrenched in academia to the present day where infosec is redefining the world's political boundaries, literally and figuratively.
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Stève Sfartz - Meeting rooms are talking! Are you listening? - Codemotion Ber...Codemotion
How can you tell if meeting room A302 is occupied right now? Ask an API! The same Cisco Collab devices that provide high-quality video are also embedding a rich API where you can get real-time info and create a personalized experience with custom UI controls. In this talk, we’ll detail how to create controls to turn off the lights or take the curtains down, how to build interactive maps that show rooms occupation in React, or build a Maze game in Javascript and deploy it to the latest Cisco Collab devices. If you love modern user experiences, IoT, know a bit Javascript, come get inspired!
Stève Sfartz - Meeting rooms are talking! Are you listening? - Codemotion Ber...Codemotion
How can you tell if meeting room A302 is occupied right now? Ask an API! The same Cisco Collab devices that provide high-quality video are also embedding a rich API where you can get real-time info and create a personalized experience with custom UI controls. In this talk, we’ll detail how to create controls to turn off the lights or take the curtains down, how to build interactive maps that show rooms occupation in React, or build a Maze game in Javascript and deploy it to the latest Cisco Collab devices. If you love modern user experiences, IoT, know a bit Javascript, come get inspired!
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.ioCA Technologies
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.io
For more information on CA Accelerator, please visit: http://ow.ly/Mbww50fO7a8
HITCON 2015 - DGAs, DNS and Threat IntelligenceJohn Bambenek
Domain Generation Algorithms (DGAs) and DNS provide a layer of resilience to botnets and malware. They also provide new and novel ways to monitor and surveil malicious networks. This talk will discuss methods you can use to turn DGAs and DNS against malware operators in order to better protect your enterprise.
A presentation of some of the security features and APIs in iPhone OS, allowing discussion of the threat model underlying Apple's chosen mitigation technology.
Panoramic | Snowflake Office Hours August 27, 2019PanoramicHQ
Data is the core of Panoramic’s business. It’s our job to help marketers see past the dense “data fog” to actionable insights. If the data isn’t accurate and accessible, we don’t have a product. Prior to working with Snowflake, we were challenged with building data processing systems on top of “legacy” or “bleeding edge” stacks. In this session, we’ll discuss how Snowflake’s modern data processing stack helped us overcome those challenges and the positive outcomes experienced as a result.
Presented on April 14, 2018 at CarolinaCon (https://www.carolinacon.org). This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
Presented on May 9, 2018 at SOURCE Conference Boston
(https://sourceconference.com/events/bos18/).
This version contains minor updates from previous presentations.
This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
Experts from Symantec and MITRE explore the latest research and best practices for detecting targeted ransomware in your environment.
Watch on-demand webinar here: https://symc.ly/2L7ESFI.
With our recent work, asynchronous super parallel grabber, we show how one should work with networks that have very high RTTs -- the dark web for example. We then look how well it applies for the mass-scraping of clear/dark web services, getting some impressive results -- all of the scraping works done from the dark web as a bonus. (Hacker's Party 2019 The Conference talk) #hackersparty
Vincent Ruijter - ~Securing~ Attacking Kuberneteshacktivity
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and offers the capability to the users to take care of only those things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP, RDP or SSH then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 12km on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. It will be show how to tunnel data over a Windows jumpbox utilising RDP (including the dirty low level "secrets") or how to exfiltrate data over ICMP from barely secured networks. We have simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappshacktivity
Adobe Experience Manager (AEM) is an enterprise-grade CMS. It’s used by high-profile companies like Linkedin, Apple, Mastercard, Western Union, Cisco, General Motors, and others. AEM is built on top of the Apache Sling, Apache Felix and Apache Jackrabbit Oak projects. In the talk, the author will share unique methodology on how to approach AEM weabpps in pentests or bug bounty programs. Misconfiguration issues, as well as product vulnerabilities, will be covered in the talk, including newly discovered vulnerabilities for which Adobe PSIRT assigned CVE ids. The author will share automation tool for discovering vulnerabilities and misconfigurations discussed in the talk.
Gabrial Cirlig & Stefan Tanase - Smart Car Forensics and Vehicle Weaponizationhacktivity
As “smart” is becoming the new standard for everything, malicious threat actors are quick to capitalize on the insecurity of IoT devices. Hackers compromising your network and spying on you is not something new in the world of personal computers, but definitely an emerging threat in the world of personal cars.
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...hacktivity
Several tools has been proposed for malware classification and similarity detection of binary malware samples, however none of them can solve all issues. In my presentation, I'll cover the problematics of Locality Sensitive Hashes and provide some experimental information about the comparison of different LSH algorithms. SSDEEPS's base algorithm, spamsum was originally designed for spam email detection. Although it discoveres some similarity between binaries, it basically needs large equal pieces of the byte code. This only happens rarely and can easily be altered. One of the contenders, TLSH (TrendMicro Locality Sensitive Hash) is a more stable similarity matching process. I'm going to present the results of the comparison on a smaller size samples set (~30k samples). Using LSHs is easy and doesn't require huge computational resources so after the process was deemed useful and effective it was extended to a large malware database of multiple hundreds of terabytes of samples. The experiments focus on ransomware sample classification, so I'm also going to present some details related to hunting for fresh unknown malware samples of known groups.
Matthias Deeg - Bypassing an Enterprise-Grade Biometric Face Authentication S...hacktivity
Biometric authentication systems have long, checkered history in IT security and are regarded as a highly controversial technology. Many manufacturers and users love them because of their usability and the personal touch they give to human-computer interaction when it comes to an often annoying but necessary task like user authentication. Other people hate them because of data privacy and security concerns. Despite all the controversy, biometric authentication systems are still here and they seem to stay.
In fall 2017, SySS GmbH started a research project concerning the enterprise-grade face authentication system Microsoft Windows Hello Face Authentication based on near infrared technology.
In our talk, we will present the results of our research project concerning the enterprise-grade face authentication system Windows Hello Face Authentication by Microsoft based on near infrared and visible light and will demonstrate how different versions of it can be bypassed by rather simple means.
Gergely Biczók - Interdependent Privacy & the Psychology of Likeshacktivity
The Facebook/Cambridge Analytica case headlined technical news the whole Spring of 2018. This case is not the first (and certainly not the last) that demonstrates privacy issues with Facebook and the ecosystem around it; yet, it gained notoriety because of its scale and alleged direct effect on the outcome of the US presidential election. In this talk we look behind the scenes and under the hood and analyze the IT, economic, psychological and legal background necessary to understand the full impact of the Cambridge Analytica case. We touch upon the underlying economic theory on externalities that defines interdependent privacy and sets the scene at a high level; the permission system of the Facebook API that enabled the collection of personal data at scale; the breakthrough psychology research that enabled the use of these data to influence political elections; and the legal impact through the lens of the GDPR.
Paolo Stagno - A Drone Tale: All Your Drones Belong To Ushacktivity
In 2013, DJI Drones quickly gained the reputation as the most stable platform for use in aerial photography and other fields. Since then Drones have increased their field of application and are actively used across various industries (law enforcement and first responders, utility companies, governments and universities) to perform critical operations on daily basis. As a result of that, Drones security has also become a hot topic in the industry.
This talk will provide a comprehensive overview of the security model and security issues affecting the underlying technologies, including existing vulnerabilities in the radio signals, Wi-Fi, Chipset, FPV system, GPS, App and SDK. As part of the presentation, we will discuss the architecture of one of the most famous and popular consumer drone product: the DJI Phantom 3. This model will be used to demonstrate each aspect of discovered security vulnerabilities, together with recommendations and mitigations.
A special focus will be on the recent changes and countermeasures DJI has applied to the firmware of its products in order to harden the security, following the recent accusations and the US Army ban. While the topic of hacking drones by faking GPS signals has been shared before at major security conferences in the past, this talk will extend these aspects to include geo-fencing and no fly zones abuses.
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.hacktivity
linkcabin aims to discuss the journey of reverse engineering a pub quiz machine, to a point of emulation. By reverse engineering the software, lessons have been learnt in implementation of security, limits in 'security by obscurity' software solutions and how complex actual machines which involve betting are. After reverse engineering parts of the machine, and coming from a threat intelligence background, it becomes clear how similar software and malware developers minds really are for functionality.
While still developing software for an archaic operating system, much like critical infrastructure around the world, it becomes hard to balance both security and functionality.
Zoltán Balázs - Ethereum Smart Contract Hacking Explained like I’m Fivehacktivity
Mining. Ethereum. Smart Contracts. Gas. Solidity. DAO. These words had no or a different meaning 5 years ago. But now these are the foundations of something exciting and powerful. But with great power comes great responsibility. Designing and implementing Smart Contracts are like encryption protocols. Everyone can come up with one which looks secure from the developer’s perspective, but only a few can design and implement one which is really safe.
But how can one hack Smart Contracts? In order to understand this, I will explain the meaning of all of these words in the Ethereum world from the ground-ups with real life analogies. Once the basic building blocks are explained, I will guide you into the world of hacking Smart Contracts. After attending this presentation, everyone will understand how a recursive call can burn 250M USD on the DAO and how developers can create a parallel universe where this never happened. Reinit? Multi-signature wallets? The Parity hack? All of this is simple once the basics are founded.
Warning: case studies from recent real-life hacks and live interaction with Smart Contracts are included. And Cryptokitties. Meow.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
4. HACKTIVITY 2018
WHOAMI
▸ Zsombor Kovacs CISSP,
OSCP, OSWP, OSCE
▸ Researcher, testing pens for
a decade
▸ Director of Research @MRG
Effitas
▸ Founder of Hackersuli
8. HACKTIVITY 2018
TAMPERING WITH THE RUNTIME
▸ Run-time manipulation of...
everything
▸ Intercept and change method
call parameters
▸ Overwrite methods
▸ ...and go home like nothing
happened
9. HACKTIVITY 2018
TOOLS OF THE TRADE
▸ From KitKat on
▸ Designed for permanent
changes
▸ Lots of modules
XPOSED FRAMEWORK
10. HACKTIVITY 2018
TOOLS OF THE TRADE
▸ Lots of modules
▸ Supported only on KitKat :(
CYDIA SUBSTRATE
12. HACKTIVITY 2018
A TYPICAL WORKFLOW WITH FRIDA
▸ Decompile the application.
▸ Pinpoint the relevant bits in the code.
▸ Create a frida script to tweak the code while the app is
being run.
▸ Run app and the script.
▸ Profit.
15. HACKTIVITY 2018
APPLICATION DECOMPILATION
▸ Gives an approximation of the actual code (no re-
compilation)
▸ Tools of the trade
▸ dex2jar (from .apk to .jar)
▸ Your Favourite Java Decompiler (from .jar to actual
code)
▸ http://apkdecompilers.com