This document discusses using honeypots to reverse penetrate attackers and gain intelligence on them. It describes how a honeypot was used to collect information from attackers like usernames, source IPs, and intermediate hosts. On some occasions, it allowed gaining access to third party services those attackers had authenticated with. The document concludes honeypots can provide useful intelligence but also raises legal and ethical concerns with counterattacking or collecting personal information.
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
This document discusses techniques for detecting and evading malware analysis sandboxes. It begins by outlining common sandbox detection methods like checking screen resolution, installed software, CPU/system information, and network settings. It then discusses challenges like simulating sleep functions and network connections. The document emphasizes that while evading analysis is possible, manual review remains difficult to defeat. It concludes by advising blue teams to thoroughly test sandboxes and customize them to their environment before purchasing.
Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek
Magno Logan
The document discusses various web application vulnerabilities from the OWASP Top 10 list, including cross-site scripting (XSS), SQL injection, remote file inclusion, insecure direct object references, and cross-site request forgery (CSRF). It provides examples of each vulnerability type and recommendations for prevention. It also introduces Mutillidae, a deliberately vulnerable web application that can be used to demonstrate these vulnerabilities in a controlled environment.
This document summarizes a Peerlyst meetup in Delhi-NCR, India organized by chapter leads Abhinav Mishra and Ankit Giri. The meetup agenda included discussions on understanding and exploiting mobile applications, careers in bug bounties and penetration testing. It was hosted by TO THE NEW and aimed to create a security community in India by sharing knowledge through talks, workshops and networking.
How to Build Your Own Physical Pentesting Go-bag
Beau Bullock
Whenever an attacker decides to attempt to compromise an organization they have a few options. They can try to send phishing emails, attempt to break in through an externally facing system, or if those two fail, an attacker may have to resort to attacks that require physical access. Having the right tools in the toolkit can determine whether a physical attacker is successful or not. In this talk we will discuss a number of different physical devices that should be in every physical pentester’s go-bag.
Stealing credentials from a locked computer, getting command and control access out of a network, installing your own unauthorized devices, and cloning access badges are some of the topics we will highlight. We will demo these devices from our own personal go-bags live. Specific use cases for each of the various devices will be discussed including build lists for some custom hardware devices.
IDA Vulnerabilities and Bug Bounty by Masaaki Chida
CODE BLUE
IDA Pro is advanced disassembler software often used in vulnerability research and malware analysis. IDA Pro is used to analyse software behavior in detail; if there was a vulnerability and the user is attacked, not only can it have an impact in a social sense, it can also impact legal proceedings. In this presentation I will discuss the vulnerabilities found, attacks leveraging the vulnerabilities, Hex-Rays's remediation process, and the dialogue I had with them.
http://codeblue.jp/en-speaker.html#MasaakiChida
One of the most important factors supporting the protection of critical network infrastructure is the response time of the security incident response team (Incident Response Team).
The faster, the better. Solutions that support early attack detection based on passive analysis of DNS queries, Netflow datasets or PCAPs are worth backing with honeynet-type infrastructure, which is increasingly valued and used in production. Sensible placement of honeypot sensors in different network segments makes it possible to detect an attack as early as the initial phases of reconnaissance and enumeration. Thanks to honeypots we will also often obtain detailed information about a new attack technique, an attempt to exploit a 0-day bug, or a very specific use of tools that have been known for years.
"Know your enemy" is the motto that should guide us in developing the defensive skills of security teams, and a honeypot network definitely has great value here.
During the talk I will try to present ways of using open source honeypot solutions and the capabilities they offer. We will talk about individual projects imitating real services (DNS, SMB, SSH, SCP/SFTP, FTP, telnet, HTTP, TFTP, MySQL/MSSQL, RDP and many others), injecting honeypot content into web applications through a reverse proxy, attacking the attackers ;), and finally dedicated platforms with a built-in ELK stack.
The presentation was given at Seattle CodeCamp 2012 and covers Fuzz Testing.
Provides details on what is Fuzzing, why Fuzzing is so effective and how to Fuzz Test your application.
Nowadays REST APIs are behind every mobile application and nearly all web applications. As such they bring a wide range of possibilities for communication and integration with a given system. But with great power comes great responsibility. This talk aims to provide general guidance related to API security assessment and covers common API vulnerabilities. We will look at an API interface from the perspective of a potential attacker.
I will show:
* how to find hidden API interfaces
* ways to detect available methods and parameters
* fuzzing and pentesting techniques for API calls
* typical problems
I will share several interesting cases from public bug bounty reports and personal experience, for example:
* how I got various credentials with one API call
* how to cause DoS by running Garbage Collector from API
Ultimate Guide to Setup DarkComet with NoIP
Pich Pra Tna
Simple step-by-step tutorial on how to set up DarkComet RAT, the free and popular Remote Administration Tool.
This software is an efficient type of software, especially created to remote control any Microsoft Windows machine.
Nightmares of a Penetration Tester (How to protect your network)
Chris Nickerson
As a professional penetration tester for the last 15+ years, I have seen many environments and technologies. I have had the pleasure / hell of testing systems I’d never even heard of, and the agony of defeat on a major scale. Rather than review the techniques used to work our way into systems, I will present the ways blue teams kept us out! In this session we will look at the technologies and techniques that have turned our traditional paths to root from minutes to months, and examine the tricks that got us “caught” along the way. Not all pen tests are a dream and nightmares can and do happen. So, let’s talk about how your environment can become an attacker’s worst nightmare instead of their favorite playground.
Things attendees will learn:
• Strategic defense
• Attacker techniques
• Indicators of Compromise
• Active blue team response techniques
• Security architecture
• Layered defensive techniques
Phd2013 lyamin High packet rate on x86-64: reaching the 14.88 Mpps mark
Alexander Lyamin
The document discusses optimizing the performance of UDP and TCP network traffic on a Linux server. It describes setting up affinity between CPU cores and network interrupts to balance load, disabling an interrupt balancer service, and using advanced network card filtering features to block unwanted traffic. These changes improved CPU utilization from imbalanced to evenly distributed across cores, reducing load and further optimizing the server to handle over 14.88 million packets per second of UDP traffic.
The document discusses how modern Intel CPUs contain debugging features like JTAG that could enable hardware trojans if activated. It describes how the Intel Direct Connect Interface allows activating JTAG-like debugging over USB, potentially allowing full system control. It demonstrates activating DCI on a laptop through the UEFI and explains how to detect if DCI is enabled. The document warns that DCI could lead to a "new age of BadUSB" if used maliciously.
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
Andrew Morris
This document summarizes how to track threat actors on a budget by setting up honeypots to monitor attacks. It describes tracking a group in China that spreads malware via SSH passwords. Samples of the group's malware were analyzed, revealing DNS servers and routers as targets for DDoS attacks. The communication protocol was reversed to identify targets in real-time. This provided insights into the group's operations and infrastructure to block.
This document discusses ethical hacking. It begins by defining hacking and distinguishing between black hat, white hat, and grey hat hackers. White hat hackers, also known as ethical hackers, hack systems with permission to identify vulnerabilities. The document outlines the different phases of ethical hacking including footprinting, scanning, enumeration, gaining access, and maintaining access. It provides examples of tools used in each phase and types of attacks like social engineering and SQL injection. The document emphasizes that for hacking to be ethical, hackers must have permission and respect privacy. It concludes by discussing how organizations can prevent hacking by closing vulnerabilities identified through ethical hacking activities.
44CON @ IPexpo - You're fighting an APT with what exactly?
44CON
The document discusses strategies for defending against advanced persistent threats (APTs). It notes that many organizations are still relying on network configurations and security tools conceived decades ago. Modern APTs have evolved tactics to avoid detection, like using internal peer-to-peer communications and fast-flux domain naming that evade perimeter-based security tools. The document advocates deploying detection capabilities throughout the network rather than just at the boundary, and maintaining coordinated incident response plans and skills to understand adversaries' techniques.
Ross Bevington, Microsoft
In ‘The Matrix’ sentient machines subdue the population by developing a highly sophisticated simulation. High interaction honeypots are a lot like The Matrix, designed to convince an attacker to execute an attack so we can monitor them. But these honeypots are flawed!
Attackers are continually adapting in order to evade our defenses - meaning that it’s often not enough to just set up a honeypot and watch the results roll in. Is a new approach better?
Did you know that 40% of IaaS VMs in Azure are Linux? For Microsoft to protect itself and its customers Linux is a priority.
At MSTIC we’ve developed a new type of Linux honeypot that allows us to deceive and control the behavior of an attacker. We are using this to understand the person behind the attack, examining them as they examine us. Using these techniques, we are able to better track the person behind the threat, build better protections and ultimately protect more Linux users - whether they are using Azure or not.
In this presentation I’ll show some of the successes of running a Matrix like environment, failures where a glitch was spotted as well as deception approaches that could be applied to other domains. Finally I’ll show how easy it is to leverage Azure’s big data capabilities to build and ultimately query all this data at scale as well as how you can immediately reap the benefits of this work by connecting your Linux box to Azure Security Center.
Presentation on topics beyond the conventional ethical hacking, discusses job factors and scope in the security field :) this was presented in LPU (Lovely Professional University) as a Seminar with attendees over 200. Meet me at FB if u want it fb/nipun.jaswal
This document describes a new technique called "IRONSQUIRREL" for encrypting browser exploits during delivery to prevent their analysis and leakage. It uses elliptic curve Diffie-Hellman key exchange to encrypt the exploit code between the server and client browser. This makes the exploit non-replayable and difficult for reverse engineers to analyze from network traffic alone. The document provides details on how IRONSQUIRREL works and recommendations to further obstruct analysis through techniques like one-time URLs, anti-debugging, and obfuscation.
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
AlienVault
Due to the recent, well-publicized events involving celebrities and their private photos, the phrase “brute-force attack” has become the web’s newest buzzword. As an IT professional, it’s vital that you detect brute force attacks as quickly as possible so you can shut them down before the damage is done. Join us for a live demo, where we’ll demonstrate a brute force attack (simulated, of course!) and show how AlienVault USM can help you detect an (attempted) intruder and investigate the attack.
You'll learn:
* How attackers can use brute force attacks to gain access to your network
* Measures you can take to better secure your environment and prevent these attacks
* How AlienVault USM alerts you immediately of brute force attack attempts, giving you valuable time to shut it down
* How to use AlienVault USM to investigate an attack and identify compromised assets
A short presentation on the latest dump of NSA tools by the Shadowbroker hacker group. How to attack, how to prevent the attack. Also about the new ransomware wanna cry 2.0
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
sixdub
This document discusses how threat actors can abuse third-party services like social media, cloud storage, and communication platforms to establish command and control (C2) infrastructure and exfiltrate data. It provides examples of real-world adversary campaigns that have leveraged services like Twitter, GitHub, Yahoo Mail, Dropbox, Google Forms, and others. The document argues that detecting such abuse is challenging as it can mimic normal user behavior, but outlines approaches like analyzing network flows, process correlations, and anomalies to help identify compromised systems communicating with third parties for malicious purposes. Detecting these threats requires collecting and correlating diverse endpoint and network data sources.
Ransomware - what is it, how to protect against it
Zoltan Balazs
This document provides biographical information about the author and discusses various topics related to ransomware, including notable ransomware families, encryption methods, prevention and recovery strategies. The author describes themselves as the creator of several hacking tools and concepts later adopted by cybercriminals. The document offers advice on ransomware prevention both for home and enterprise users, including tips on backups, application control, and making systems appear like a malware analyst's to avoid targeting.
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Kirill Ermakov
1) The document describes a "Red Team Exercise" penetration test performed by security experts against the internal systems of QIWI, a Russian payments company, to simulate a real-world attack.
2) Over the course of 2.5 months, the Red Team was able to compromise various critical system accounts and credentials by exploiting social engineering vectors and weaknesses in network security configurations.
3) The exercise was considered a success overall as it provided a realistic simulation of how external attackers may target the organization, and identified security gaps that needed to be addressed.
InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet?
The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools, however the Honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through and focuses efforts on correlating active threat data observed in the Honeypots with the production environment. When deploying Honeypots effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.
This document discusses information security and ethical hacking. It provides an overview of common security threats like viruses, worms, Trojan horses, and keyloggers. It then demonstrates how to conduct various hacking techniques like cracking passwords, creating viruses, exploiting SQL injection vulnerabilities, and performing phishing attacks. The document encourages learning these hacking methods but also provides some tips for security like using antivirus software and firewalls, as well as how to identify phishing emails and attacks.
This document discusses various techniques used in cyber attacks, including exploiting vulnerabilities in software like Adobe Reader and Microsoft Office, using email as an attack vector, and social engineering techniques like password-protected archives. Specific examples are given of attacks resembling advanced persistent threats (APTs), including a targeted email with an exploit-carrying document and customized payload behavior. Detection and prevention methods are also covered, such as analyzing suspicious user agents and traffic patterns.
This document discusses the convergence of cybersecurity and gaming. It argues that cybersecurity and gaming development share principles like the need for fast, continuous development and deployment. However, gaming also introduces security risks like the theft of user accounts and digital goods. To address these risks, the document recommends integrating cybersecurity practices into gaming development like application security testing, extending PCI security standards to gaming, and ensuring proper IoT security for connected gaming devices. Overall, the document frames cybersecurity and gaming as an "unmissable marriage" where both fields can learn from each other to better secure games and gamers.
Thoughts on Defensive Development for Sitecore
PINT Inc
Presentation given by Thomas Powell (tpowell@pint.com) and Joe Lima (jlima@port80software.com) - 2-15-2012 covering WebAppSec issues with an emphasis on concerns with the Sitecore CMS platform.
Sorry for any small quirks in slideshare conversion.
Password attacks involve trying common or dictionary words to guess passwords. Strong passwords use misspellings, random letters, numbers and symbols. Phishing tricks users into entering passwords on fake sites. Malware can harm computers and steal data. Viruses self-replicate while firewalls and software updates help protect devices. Overall the document discusses password security, phishing, malware types like trojans and vulnerabilities, and basic concepts of viruses and firewall protection.
- The author discusses their journey doing source code reviews to find bugs in WordPress plugins and themes. They started with just two people manually reviewing code but then automated the process and expanded their team.
- Through their Phase 1 efforts analyzing over 250 plugins, they found over 250 issues. They are now focusing on authenticated vulnerabilities in Phase 2 like SQL injection, XSS, and CSRF.
- They have created some open source tools to help with the process and are seeking volunteers to help make open source software more secure by joining their Codevigilant platform.
Similar to Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration. (20)
ChangelogBuilder: a tool for automatic preparation of Release Notes
Positive Hack Days
1. Basic concepts and definitions: product, package, and the relationships between them.
2. How do you find out what changes have been made to a product?
3. Problems with changelogs and release notes.
4. The solution: the ChangelogBuilder tool for automatic preparation of Release Notes
How we build projects in an isolated environment in Windows Docker
Positive Hack Days
1. Overview of Windows Docker (brief)
2. How we built an application build system in Docker (Visual Studio\Mongo\Postgresql\etc)
3. Dockerfile examples (published on github)
4. Differences between DockerWindows and DockerLinux processes (long builds, bugs, remote registry)
Standard build and deployment of products at Positive Technologies
Positive Hack Days
1. Problems in building CI processes in the company
2. Structure of the standard build
3. Example implementation of the standard build
4. Pros and cons of using the standard build
1. What BI is and why it is needed.
2. What Qlik View / Sense is
3. Integration method. How it works.
4. Metrics, KPIs, team resource planning, product release retrospectives, trends.
5. Connecting external data sources (Excel, physical access control system database, meeting rooms).
Approof is a static code analyzer for checking web applications for vulnerable components. The analyzer relies on rules that store signatures of the components being sought. The talk covers the basic structure of an Approof rule and the process of automating its creation.
Have you ever wondered how modern application protection mechanisms work? What theory lies behind the implementation of WAF and SAST? What are the limits of their capabilities? How far can those limits be pushed by taking a broader view of application security problems?
The master class will cover the main methods and algorithms of two fundamental application protection technologies: application-level firewalling and static code analysis. Using specific open source tools developed specially for this master class as examples, it will examine the problems that developers of application protection tools face and possible ways to solve them, and will answer all of the questions mentioned above.
From experimental programming to industrial: a 10-year journey
Positive Hack Days
Developing science-intensive software differs in that there is neither a clear problem statement nor an understanding of what the result will be. Yet even so, you have to program what is needed, the way it is needed. The speaker will describe how her team successfully developed and brought into production several science-intensive products, travelling a difficult road from an experiment that resulted in a prototype to production versions that sell successfully in both the Russian and foreign markets. That road was full of difficulties and sound management decisions, which the speaker will share.
A vulnerable Android application: N proven ways to step on a rake
Positive Hack Days
Few developers build security into an application's architecture at the design stage. Often there is neither money nor time for it. Even less common is an understanding of attacker models and threat models. Application protection comes to the fore when vulnerabilities start to cost money. By that time the application is already running, and making substantial changes to the code becomes a difficult task.
Fortunately, developers are people too, and the same kinds of flaws can be found in the code of different applications. The talk covers the dangerous mistakes that Android application developers make most often. It touches on the specifics of the Android OS, gives examples of real applications and the vulnerabilities in them, and describes ways to fix them.
The development of any software is based, one way or another, on requirements. The full list consists of the application's business goals, various constraints, and quality expectations (also called NFRs). Software security requirements belong to the last category. The talk will look at how these requirements arise, how they are managed, and how the most important ones are selected.
Separate attention will be given to the principles of building an application architecture, both with and without such requirements, and it will be demonstrated how modern (and well-known) approaches to application design help build the architecture so as to minimize the threat landscape.
The talk is devoted to developing correct software using one kind of static code analysis. It will cover the application of such methods, their weaknesses and limitations, and the results they can deliver. Concrete examples will show what developing specifications for C code and proving that the code conforms to the specifications look like.
The document discusses preventing attacks in ASP.NET Core. It provides an overview of topics like preventing open redirect attacks, cross-site request forgery (CSRF), cross-site scripting (XSS) attacks, using and architecture of cookies, data protection, session management, and content security policy (CSP). The speaker is an independent developer and consultant who will discuss built-in mechanisms in ASP.NET Core for addressing these security issues.
Implementations of Fused Deposition Modeling in real world
Emerging Tech
The presentation showcases the diverse real-world applications of Fused Deposition Modeling (FDM) across multiple industries:
1. **Manufacturing**: FDM is utilized in manufacturing for rapid prototyping, creating custom tools and fixtures, and producing functional end-use parts. Companies leverage its cost-effectiveness and flexibility to streamline production processes.
2. **Medical**: In the medical field, FDM is used to create patient-specific anatomical models, surgical guides, and prosthetics. Its ability to produce precise and biocompatible parts supports advancements in personalized healthcare solutions.
3. **Education**: FDM plays a crucial role in education by enabling students to learn about design and engineering through hands-on 3D printing projects. It promotes innovation and practical skill development in STEM disciplines.
4. **Science**: Researchers use FDM to prototype equipment for scientific experiments, build custom laboratory tools, and create models for visualization and testing purposes. It facilitates rapid iteration and customization in scientific endeavors.
5. **Automotive**: Automotive manufacturers employ FDM for prototyping vehicle components, tooling for assembly lines, and customized parts. It speeds up the design validation process and enhances efficiency in automotive engineering.
6. **Consumer Electronics**: FDM is utilized in consumer electronics for designing and prototyping product enclosures, casings, and internal components. It enables rapid iteration and customization to meet evolving consumer demands.
7. **Robotics**: Robotics engineers leverage FDM to prototype robot parts, create lightweight and durable components, and customize robot designs for specific applications. It supports innovation and optimization in robotic systems.
8. **Aerospace**: In aerospace, FDM is used to manufacture lightweight parts, complex geometries, and prototypes of aircraft components. It contributes to cost reduction, faster production cycles, and weight savings in aerospace engineering.
9. **Architecture**: Architects utilize FDM for creating detailed architectural models, prototypes of building components, and intricate designs. It aids in visualizing concepts, testing structural integrity, and communicating design ideas effectively.
Each industry example demonstrates how FDM enhances innovation, accelerates product development, and addresses specific challenges through advanced manufacturing capabilities.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
What's Next Web Development Trends to Watch.pdf
SeasiaInfotech2
Explore the latest advancements and upcoming innovations in web development with our guide to the trends shaping the future of digital experiences. Read our article today for more information.
INDIAN AIR FORCE FIGHTER PLANES LIST.pdf
jackson110191
These fighter aircraft have uses outside of traditional combat situations. They are essential in defending India's territorial integrity, averting dangers, and delivering aid to those in need during natural calamities. Additionally, the IAF improves its interoperability and fortifies international military alliances by working together and conducting joint exercises with other air forces.
2. #WHOAMI
• Senior Security Engineer at
• Writer at
• Ideology and co-organizer of
• Co-Founder of
ZeroNights
3. #DISCLAIMER
• This story is not connected to my EMPLOYER
• All LIVE data was collected from Q2 2011 – Q3 2012
• It was done only for research purposes.
• All data was shared with NOBODY.
• Thx to Alexey Tyurin (@antyurin)
4. #WHAT IS IT ABOUT
honeypot
• Attract attacker's attention (to HoneyPot)
• Get patterns and actions from an attacker's behavior
Then the operator can understand what kind of attacker we have, what he can do in the future, etc. After that we can take some 'preventative' actions.
Example 1. Bot searches for PHP LFI bug in PMA
Def. actions:
1) Do we have PMA?
2) Is our PMA installation accessible from the Internet?
3) Bug fixed?
// but we can get the same from IDS…
Example 2. SQLi attempt. Dumping hashes.
Def. actions:
1) What kind of SQLi did he try to exploit – let's check our web-apps for the same SQLi patterns
2) Check hashes in our databases – are they salted? Do we have hashes at all? (or plain text?)
3) Check access to tables: is it possible to get access by using the 'web' account?
7. #WHOIS THE ATTACKER
Why?
I do not care, main task – fix the bug!
vs.
It‟s interesting, I want to track him!
8. #WHOIS THE ATTACKER
Who wants to know…
• Enterprise
- Who is hunting us like that?
(oil sector/big R&D)
It is always good to know who has started this activity….
Because if it is just kids, it is one thing, if government or competitors – another thing.
• Government
- Track cybercrimes
- Track another government… cyber war, blah-blah-blah…
- etc …
10. #HONEYPOT
What I want?
• Fast result: attack or false positive?
• Is it a targeted attack? Or just a scan from botnet?
• Is it a professional or a kiddie?
• Decloaking the attacker
• Track the attacker
13. #Offensive
We can do more…
“Replay back” – answer with the same exploit back to the source:
• SSH Brute force attack
- if the source has SSH service
- replay with the same login/pass
-- attacker has already changed password on pwned box
• PHP/Perl/Ruby web attacks
- if the source has HTTP service
- replay back with same URI/payload
It is against BOTs, and will not work against real attacker.
14. #Offensive
WWW
• Is it (the attacker) HUMAN?
• Is he using a well-known application (browser/plugins)?
• Can we EXPLOIT it?
Classical ExploitPACK?
15. #Honeypot
Skills?
Bug Vulnerability Exploit Attack
Can be found automatically
SHOULD be found during manual tests
SHOULD be executed by the attacker with browser!
Attacker’s level of skills
• Low
• Medium
• High!
• Dangerous, we are doomed!!!11
16. #Honeypot
Trap
• DIRBuster attack, give them /admin/admin.php
But what is the password?
// We can detect bruteforce attacks…
• /admin/help.php?id=1 <--SQL Injection
Get password for admin.php
• Login with stolen password to /admin/admin.php
• Attack complete!
17. #Honeypot
Blind SQL Injection (SQLite)
' - 500 Error.
This is a bug
'/**/AND/**/ '1' /**/like'1'--
- 200.
This is a vulnerability
'union/**/select(CASE/**/WHEN/**/sqlite_version()like'3.%'THEN/**/select(1)from(lololo)ELSE'BHEU13'END)
- 200/500.
This is an exploit
Skill-O-Meter
Additional to Skill-O-Meter
• Filtered symbols, like 'space'
• WAF with small 'holes'
• etc., like CTF tasks or hackquest…
19. #Honeypot
…can bite!
• For each step we can get:
o Human/automated attack (Skill-O-Meter)
o The malicious intention of an attacker
WhiteHat will finish after finding a SQLi vulnerability. He will not attempt to get access to the forbidden part (admin.php)!
Ok, ok… even if he got access to admin.php he does not try to get 'secret.pdf' =)
• On each step we can bite…
o On 'attack step' we can counterattack…
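The staged trap from slides 15 to 19, as an added example that is not from the original slides: it scores constructed honeypot log lines by the furthest stage each source reached (scan, bug, vulnerability, exploit, attack, intent) and flags sources that look automated. The log format, the 302-on-login convention and the 404 threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Stages follow the slides: bug -> vulnerability -> exploit -> attack, plus
# "intent" for fetching the bait file. Paths and status codes are assumptions.
STAGES = ["none", "scan", "bug", "vulnerability", "exploit", "attack", "intent"]
EXPLOIT_RE = re.compile(r"union|select|case\s+when|sqlite_version", re.I)
BOOLEAN_RE = re.compile(r"\b(and|or)\b.*(like|=)", re.I)

# Constructed sample log: source, method, URL, HTTP status.
SAMPLE_LOG = """\
198.51.100.7 GET /backup/ 404
198.51.100.7 GET /phpmyadmin/ 404
198.51.100.7 GET /test/ 404
198.51.100.7 GET /admin/admin.php 200
203.0.113.20 GET /admin/help.php?id=1 200
203.0.113.20 GET /admin/help.php?id=1%27 500
203.0.113.20 GET /admin/help.php?id=1%27/**/AND/**/%271%27/**/like%271%27-- 200
192.0.2.66 GET /admin/help.php?id=1%27 500
192.0.2.66 GET /admin/help.php?id=1%27union/**/select(sqlite_version())-- 200
192.0.2.66 POST /admin/admin.php 302
192.0.2.66 GET /admin/secret.pdf 200
"""

def stage_of(method, url, status):
    """Map one request to the furthest stage it proves."""
    parts = urlsplit(url)
    # Undo URL encoding and the /**/ trick used in place of filtered spaces.
    query = re.sub(r"/\*.*?\*/", " ", unquote(parts.query))
    if parts.path == "/admin/secret.pdf" and status == 200:
        return "intent"
    if parts.path == "/admin/admin.php" and method == "POST" and status == 302:
        return "attack"  # assumption: 302 means the planted password was used
    if parts.path == "/admin/help.php":
        if EXPLOIT_RE.search(query):
            return "exploit"
        if BOOLEAN_RE.search(query):
            return "vulnerability"
        if "'" in query:
            return "bug"
    return "scan" if parts.path.startswith("/admin/") and status != 404 else "none"

def profile(log_text, scan_threshold=3):
    """Return {source: (highest stage reached, looks_automated)}."""
    seen = {}
    for line in log_text.splitlines():
        src, method, url, status = line.split()
        best, misses = seen.get(src, ("none", 0))
        stage = stage_of(method, url, int(status))
        best = max(best, stage, key=STAGES.index)
        seen[src] = (best, misses + (status == "404"))
    return {src: (best, misses >= scan_threshold) for src, (best, misses) in seen.items()}
```

A source that stops at "vulnerability" matches the white-hat behaviour described on the slide; one that reaches "attack" or "intent" has shown the malicious intention the trap is built to reveal.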
20. #Counterattack
What we can?
• Attack his browser/plugins
• 1day/0day exploits
• Social engineering
• Evil Java applet/ActiveX (GUI for administration…)
• Honeytokens
• Attack his env. using a browser.
• Third party services (web-mail/social networks/etc)
• Local env. (localhost/dsl-router)
21. #Social Engineering
Honeytokens
• PDF file with secret information (and with exploit…)
• EXE file with secret application (fat client for SCADA…)
• etc….
22. #Backdoor… ?
No – “detective”
• Get jpg/txt/doc files from FS
• Get config files (VPN)
• Get BSSIDs
• Get network/domain configuration
• Get traceroute to us
• Get DNS to us
• Get camera-shot, mic recording
• etc…
24. #Target
• Reverse DNS channel
• ipconfig
• tracert
• Domain name
• Login name
• …
• DO NOT COLLECT PERSONAL INFO
• DO NOT GET ANY DATA FROM HDD
• REMOTE CONTROL DISABLED
27. #Results
Write-up about First DCG meeting in Russia…
habrahabr.ru Most technical Russian IT community…
Comments… "If someone wants invite: ' or 1=1--"
28. #Hello “Red May” 2011
GET requests log
No success with SE or reverse penetration… I am lucky…
29. #Unexpected
GET requests log
One beautiful
Ex-USSR republic…
Nothing special…
Damn! Special-Super-Secret-Service
of beautiful ex-USSR republic…
Looks like 'service' username, not personal… maybe it was compromised?
30. #More drama
… few hours later, another intrusion to DCG web-site
… from same ex-USSR republic, same city….
… but another subnet
… and again – “reverse penetration”
Known nickname, you can Google him as a known hacker from this ex-USSR republic..
maybe he is working for this Secret Service
… or compromise this host and use as intermediate…
32. #Conclusion
It works!
• We got real usernames of those who did not use VMware/and middle hosts
• We got real source for those who use VMware/TOR/Proxy and did not use middle hosts
• We got intermediate hosts, but we can detect it, and got
• We got configured DNS server address
• And we got it automatically…
The same results are possible for honeytoken/exploit-back techniques…
SE: Attacker is not expecting back-attack!
33. #But
Some attackers are careful
//@ahack_ru had known about Honeypot and Java applet and did not run it…
but he was busted anyway!
34. #Can we attack 3rd party services?
If user is authenticated on other services
HoneyPot
Attacker
SocialNetwork
• Attack begins
• CSRF/XSS attack…
• Callback with ID….
• Proxy/TOR/VPN – it is not about network!
• Works only vs. script-kiddies and whitehats
41. #Conclusion
It works!
• We got real emails
• We got real names
• We can do correlation between two e-mail addresses and Java Applet response
• And we got it automatically…
45. #Moarrrrrrrrr
Local env. can be attacked!
• Anti DNS pinning / DNS rebinding
• XXXSS by Samy Kamkar (Getting BSSIDs…)
• CSRF/XSS on any local resources….
• There can be million techniques and tricks for that…