44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh

Más contenido relacionado

La actualidad más candente

The modern web-scale network is a pretty complicated place. Modern techniques in Systems Management have made it trivial to create, destroy and repurpose any number of instance types. These instances can span the range from bare metal machines sitting in a datacenter, to 3rd party virtual machines on demand, and now these new containers and microservices seem to be all the rage. Instances are cattle, they are no longer pets. All of this perpetual churn and flexibility is exactly what you want in a constantly changing, highly available, and efficient infrastructure. The ability to create or destroy nodes on demand, or continuously and automatically scale up, down, and re-deploy applications as part of a continuous integration pipeline, have become necessary and an integral part of daily operations. However these systems can generate terabytes of network logs a day. And if your job is detecting, correlating, and alerting on the correct anomaly in all that data, the analogy of the needle in the haystack really doesn’t do it justice, something closer would be akin to finding a needle in the windstorm. How do you begin to collect, store, analyze, and alert on this much data without costing the company a small fortune? What are some practical steps you can take to reduce your overall risk and begin to gain more insight, visibility, and confidence into what is actually taking place on your network? This talk aims to give the attendee a solid understanding of the problem space, as well as recommendations and practical advice from someone who built their own ‘big data’ network and security monitor. It really is easier than it sounds.

Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...

CODE BLUE

OpenDNS presenter pack

Kim Jensen

Red team Engagement

Indranil Banerjee

Developing Software with Security in Mind

sblom

It is well known that computer exploitation will continue to increase in prevalence and sophistication. Computer network attacks and data exfiltrations are most successful when the methods of exploitation traverse the entry and egress vectors that are least expected and least defended in your network. Most of the time, no matter how well your perimeter is guarded, the user still represents the weakest avenue into that network. A clear need exists to better protect data transmitted and received by the user. But what are we to do when signature-based detection has long been defeated and anomaly/heuristic-based detection is not yet where we need it to be? The solution lies in enhancing the defense paradigm via the incorporation of intelligence-based security (Threat Intelligence) in the analysis of threats and discovery of malicious activity affecting your network, data, and your protected clients.

Incorporating Threat Intelligence into Your Enterprise Communications Systems...

EC-Council

Getting Started in Information Security

Dennis Maldonado

Hacking

NarendraGadde2

TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean B...

EC-Council

Katherine Fithen has been a leader in information security for more than 20 years. She retired as the Chief Privacy Officer and Director of Governance & Compliance at The Coca-Cola Company in July 2017. Prior to joining The Coca-Cola Company in 2002, Katherine was the Senior Manager of the CSIRT Program at PricewaterhouseCoopers, LLP, and prior to pwc, the Manager of the CERT®. Katherine has earned a Bachelor of Arts in Retail Management, a Master of Arts in Personnel Management, and a Master of Science in Information Science. Katherine is on several advisory boards for privacy and security. In August 2015, Katherine was listed as one of “Women in IT Security: 10 Power Players”

Global CISO Forum 2017: Privacy Partnership

EC-Council

Presented at Diana Initiative, Queercon 16, and DEFCON 27 Recon Village 8/9-10, 2019. When we think of the process for attacking an organization, OSINT comes to the front and center of our minds. This presentation takes a presenter with experience in applying OSINT to effective penetration testing and social engineering and reverse engineers the process to determine what steps can be taken to further complicate their efforts. This is a presentation that talks about online deception, decoy accounts, canary data, encryption, maintaining one’s social media in a secure manner, and protecting one’s identity as much as possible. While nothing is absolute, this is a presentation that will leave attendees more aware of techniques to make it harder for attackers to collect accurate OSINT, either by removal or deception.

DECEPTICONv2

👀 Joe Gray

ShadyRAT: Anatomy of targeted attack

Vladyslav Radetsky

2014: Mid-Year Threat Review

ESET

Slides from @jorgeorchilles and @brysonbort talk at Blackhat 2020 - Arsenal covering the C2 Matrix. Website: https://thec2matrix.com Blackhat: https://www.blackhat.com/us-20/arsenal/schedule/#c-matrix-comparison-of-command-and-control-frameworks-20768 Video: https://youtu.be/2i9KjHCR6ik Command and Control is one of the most important tactics in the MITRE ATT&CK matrix as it allows the attacker to interact with the target system and realize their objectives. Organizations leverage Cyber Threat Intelligence to understand their threat model and adversaries that have the intent, opportunity, and capability to attack. Red Team, Blue Team, and virtual Purple Teams work together to understand the adversary Tactics, Techniques, and Procedures to perform adversary emulations and improve detective and preventive controls. The C2 Matrix was created to aggregate all the Command and Control frameworks publicly available (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations (Red Team or Purple Team Exercises). Phase 1 lists all the Command and Control features such as the coding language used, channels (HTTP, TCP, DNS, SMB, etc.), agents, key exchange, and other operational security features and capabilities. This allows more efficient decisions making when called upon to emulate and adversary TTPs. It is the golden age of Command and Control (C2) frameworks. Learn how these C2 frameworks work and start testing against your organization to improve detective and preventive controls. The C2 Matrix currently has 41 command and control frameworks documented in a Google Sheet, web site, and questionnaire format.

Blackhat 2020 Arsenal - C2 Matrix

Jorge Orchilles

Honeypots for proactively detecting security incidents

APNIC

Blackhat USA Mobile Security Panel 2011

Tyler Shields

Security Architecture

Phil Huggins FBCS CITP

Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done

AlienVault

One of the main reasons information security is so hard to achieve today is that IT itself is changing so rapidly. Cloud computing places security in the hands of a third-party service provider. Mobile technology, meanwhile, places security in the hands of the end user. And the emergence of intelligent, Internet-connected, non-computer devices -- the Internet of Things -- represents an entirely new set of security challenges. In this slide deck, you'll learn how IT organizations can build a security strategy that works when so much of the computing environment is outside their span of control. She will also touch upon how security departments can implement technologies and practices that will work in both today's IT environment and tomorrow's dynamic, multi-dimensional computing world.

Preparing a Next Generation IT Strategy

Bishop Fox

Worst-Case Scenario: Being Detected without Knowing You are Detected

Ashwini Almad

Fun with Application Security

Bruce Abernethy

La actualidad más candente (20)

Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...

OpenDNS presenter pack

Red team Engagement

Developing Software with Security in Mind

Incorporating Threat Intelligence into Your Enterprise Communications Systems...

Getting Started in Information Security

Hacking

TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean B...

Global CISO Forum 2017: Privacy Partnership

DECEPTICONv2

ShadyRAT: Anatomy of targeted attack

2014: Mid-Year Threat Review

Blackhat 2020 Arsenal - C2 Matrix

Honeypots for proactively detecting security incidents

Blackhat USA Mobile Security Panel 2011

Security Architecture

Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done

Preparing a Next Generation IT Strategy

Worst-Case Scenario: Being Detected without Knowing You are Detected

Fun with Application Security

Similar a 44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh

Despite changing threats and the near certainty of compromise, most IT security programs are much the same as they were a decade ago. How have attacker motivations and tactics changed, and why? What does this mean for IT security departments, and how must they adapt? This webinar will detail the security challenges organizations face today, the implications of changes in attacker tactics and motivations, and what firms can do to better align their security program with today's reality. Our featured speakers for this webinar will be: - Ted Julian, Chief Marketing Officer, Co3 Systems - Colby Clark, Director of Incident Management, Fishnet Security

Today's Breach Reality, The IR Imperative, And What You Can Do About It

Resilient Systems

Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?

Codero

Insider threat v3

Lancope, Inc.

Defending Enterprise IT - beating assymetricality

Claus Cramon Houmann

The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018

Pukhraj Singh

2023 NCIT: Introduction to Intrusion Detection

APNIC

This presentation was delivered at SkyDogCon 6 in October 2016. The A/V is available here: https://www.youtube.com/watch?list=PLLEf-wPc7Tyae19iTuzKOXmPj-IQBIWuU&v=mKxGulV2Z74 It is an updated version of the original deck presented at BSides Augusta 2016 - Added original content including information on use cases and added definition/clarity. Abstract: "We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection. - What is Hunting? - How have we done it? - What have we found, and what should be done about those findings? - How might you achieve similar outcomes in your own environment?" Speakers: - Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club.

Hunting: Defense Against The Dark Arts v2

Spyglass Security

Threat Intelligence: State-of-the-art and Trends - Secure South West 2015

Andreas Sfakianakis

[Bucharest] Catching up with today's malicious actors

OWASP EEE

We can all agree that threat detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for ways for evil to do evil things. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune ranked organizations. We hope to challenge you to expand your security operations, moving beyond traditional signature based detection.

Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016

Danny Akacki

Capture the flag (CTF) exercises and events continue to increase in popularity providing essential training and skills development for defenders on blue teams and attackers on red teams. Jeopardy style or attack-defense CTF cyber exercises enable experienced participants and novices to work side by side on teams developing communication, time management and problem solving skills in a safe environment with ground rules and prizes for winners. Defending blue teams often dread the embarrassment of being attacked and compromised until modern deception defenses arrived. Deception defenses mimic a real environment with decoys and breadcrumbs creating an unknown mine field for attackers to detect their activity and movements giving defending blue teams a new advantage.

Capture the Flag Exercise Using Active Deception Defense

Fidelis Cybersecurity

Technologies and Policies for a Defensible Cyberspace

mark-smith

Ten security product categories you've (probably) never heard of

Adrian Sanabria

Common themes in cyber attacks and what they mean for defenders' presentation...

APNIC

Incident response, Hacker Techniques and Countermeasures

Jose L. Quiñones-Borrero

Insight live om It-sikkerhed- Peter Schjøtt

Mediehuset Ingeniøren Live

Vulnerability Assessments, Penetration Tests and Red Teaming – Do you know what these tactics are all about? In this session, we will present our understanding of these practices in terms of when to apply them and what to expect. Nowadays, organizations run on top of hundreds, if not thousands, of Information Technology assets with some of them on premise and others cloud based. Having control over all of this is a challenging task. Based on our extensive experience with securing our customers, I will show what real findings and attack trends look like while hopefully, shedding some light on how to be prepared to resist current attacks.

Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...

Core Security

UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...

APNIC

Security is now important to all of us, not just people who work at Facebook. Most developers think about security in terms of security technologies that they want to apply to their systems, and then ask how secure the system is. From a secure systems perspective, this is the wrong way around. To build a secure system, you need to start from the things that need to be protected and the threats to those resources. In this session, Eoin dives into the fundamentals of system security to introduce the topics we need to understand in order to decide how to secure our systems.

System Security Beyond the Libraries

Eoin Woods

Cyber Threat Hunting Workshop.pdf

ssuser4237d4

Similar a 44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh (20)

Today's Breach Reality, The IR Imperative, And What You Can Do About It

Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?

Insider threat v3

Defending Enterprise IT - beating assymetricality

The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018

2023 NCIT: Introduction to Intrusion Detection

Hunting: Defense Against The Dark Arts v2

Threat Intelligence: State-of-the-art and Trends - Secure South West 2015

[Bucharest] Catching up with today's malicious actors

Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016

Capture the Flag Exercise Using Active Deception Defense

Technologies and Policies for a Defensible Cyberspace

Ten security product categories you've (probably) never heard of

Common themes in cyber attacks and what they mean for defenders' presentation...

Incident response, Hacker Techniques and Countermeasures

Insight live om It-sikkerhed- Peter Schjøtt

Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...

UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...

System Security Beyond the Libraries

Cyber Threat Hunting Workshop.pdf

Más de 44CON

Your job is to secure operations. But nobody listens to you. There’s no budget. Management keeps making bad security decisions that seem to sabotage your efforts. Do you flee or do you try harder? The security books, blogs, and tweeting pundits out there tell us we need to learn the language of business. We need to put risk in terms of money that management understands. We need to be like the management we’re trying to protect. And that’s where it all falls apart. The security to business relationship is often textbook abusive codependency. You do well and nobody notices. You fail and you get fired or worse- shamed by your peers over social media for whatever the company releases as the statement for the breach. So how do you do SecOps under those conditions? This talk will focus on new ways to approach SecOps to face the challenges you have today with business demands. We will look at new security research that will make a difference for how you do your job. Most of all we will show you technical security practices to help you sustain your new found stance.

They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...

44CON

One of the hottest topics in current crypto research is Post-Quantum Cryptography. This branch of cryptography addresses asymmetric crypto systems that are not prone to quantum computers. Virtually all asymmetric crypto systems currently in use (Diffie-Hellman, RSA, DSA, and Elliptic Curve Crypto Systems) are not Post-Quantum. They will be useless, once advanced quantum computers will be available. Quantum computer technology has made considerable progress in recent years, with major organisations, like Google, NSA, and NASA, investing in it. Post-Quantum Cryptography uses advanced mathematical concepts. Even if one knows the basics of current asymmetric cryptography (integer factorisation, discrete logarithms, …), Post-Quantum algorithms are hard to understand. The goal of this presentation is to explain Post-Quantum Cryptography in a way that is comprehensible for non-mathematicians. Five families of crypto systems (as good as all known Post-Quantum algorithms belong to these) will be introduced: Lattice-based systems: The concept of lattice-based asymmetric encryption will be explained with a two-dimensional grid (real-world implementations use 250 dimensions and more). Some lattice-based ciphers (e.g., New Hope) make use of the Learning with Error (LWE) concept. I will demonstrate LWE encryption in a way that is understandable to somebody who knows Gaussian elimination (this is taught at middle school). Other lattice-based systems (especially NTRU) use truncated polynomials, which I will also explain in a simple way. Code-based systems: McEliece and a few other asymmetric ciphers are based on error correction codes. While teaching the whole McEliece algorithm might be too complex for a 44CON presentation, it is certainly possible to explain error correction codes and the main McEliece fundamentals. Non-commutative systems: There are nice ways to explain non-commutative groups and the crypto systems based on these, using everyday-life examples. Especially, twisting a Rubik’s Cube and plaiting a braid are easy-to-understand group operations a crypto system can be built on. Multivariate systems: Multivariate crypto can be explained to somebody who knows Gaussian elimination. Hash-based signatures: If properly explained, Hash-based signatures are easier to understand than any other asymmetric crypto scheme. I will explain these systems with cartoons, drawings, photographs, a Rubik’s Cube and other items. In addition, I will give a short introduction to quantum computers and the current Post-Quantum Crypto Competition (organised by US authority NIST).

How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...

44CON

Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources. In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities. To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models. The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as ‘guest introspection’ or ‘virtual-machine introspection’. With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection. Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.

Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...

44CON

Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulate machine learning systems and the potential these techniques pose for active offensive research. The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve: Unexpected consequences (why did it decide this rifle is a banana?) Data leakage (how did they know Joe has diabetes) Memory corruption and other exploitation techniques (boom! RCE) Influence the output In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system. This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others – a live demo will be shown on stage! Garbage In, RCE Out :)

JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...

44CON

Numerous technical articles, presentations, and even books exists about reverse engineering the Windows Driver Model (WDM) for purposes that vary from simply understanding how a specific driver works, to malware analysis and bug hunting. On the other hand, Microsoft has been providing the Kernel Mode Driver Framework (KMDF) for quite a while and we now see more and more drivers shifting to this framework instead of interacting directly with the OS like in the old WDM times. Yet, there is close to no information on how to approach this model from a reverse engineering and offensive standpoint. In this presentation, I will first do a quick recap on WDM drivers, its common structures, and how to identify its entry points. Then I’ll introduce KMDF with all its relevant functions for reverse engineering through a set of case-studies. I’ll describe how to interact with a KMDF device object through SetupDI api and how to find and analyze the different IO queues dispatch routines. Does the framework actually enhances security? We’ll come to a conclusion after revealing some major vendor implementation problems. Armed with this knowledge, you will be able to run your own bug hunting session over any KMDF driver.

Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...

44CON

In March 2018, the UK launched its Secure by Design report in order to help defend against security threats, especially for consumer Internet of Things products and services. Over the past few years, poorly secured IoT devices have been hijacked in both targeted as well as large-scale DDoS attacks such as Mirai. In addition to this, poor security can threaten both privacy and safety. The speaker, David Rogers authored the UK’s ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, in collaboration with DCMS, NCSC, ICO and industry colleagues with extensive support from the security research community. David will discuss the guidelines within the Code of Practice, why these were prioritised and why the top three became dealing with the password problem, implementing vulnerability disclosure and acting on it and addressing software updates. David will also look at what’s next: what will the challenges be and will the Code of Practice succeed in its aims? How can IoT products possibly be certified and how will the threat landscape change in response to improving security?

The UK's Code of Practice for Security in Consumer IoT Products and Services ...

44CON

Cyber Security is often framed in terms of ‘Risk’- the possibility of suffering harm or loss – and the ‘Management’ of Risk to reduce uncertainty. This is familiar territory for businesses. Cyber Security falls in neatly under Risk Management, is assigned a suitable place on the organigramme, tossed some spare budget and granted a few paragraphs in the board report. NIST defines Risk as a ‘function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation’. Key theme: This presentation explores the idea that making cyber security analogous to risk is holding us back. How about we talk about security ‘debt’ instead? Technical Debt is already a well understood concept in software development – the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more. Changing our language changes how we think and how we behave. This presentation argues that such a change could have a significant impact on software security. In this presentation we will comment on the power of ‘analogies’ and how they’ve shaped our industry. We’ll then consider the difference between the ‘security as risk’ and the ‘security as debt’ paradigms and explore how changing paradigms may change the way we think about, talk about and measure software security. We believe this could have a very empowering effect on development managers and other security professionals who are struggling to articulate the relative benefits of security (or a lack of security) to a software product.

Weak analogies make poor realities – are we sitting on a Security Debt Crisis...

44CON

Con speakers fear the Nerf gun. Overrun your talk time at your peril; Steve will shoot your arse with extreme prejudice until you STFU. We had to find a way to pwn the gun and shoot him back. That’s when we found the Nerf Terrascout: a remote tank gun controlled over 2.4GHz, with a video feed to the remote, complete with crosshairs. At first, we thought this would be a trivial job: figure out the RF and take control. It turned in to a mammoth hardware, firmware and RF reversing project. This puppy is so over-specced it would drive you to tears. The talk will cover the fails, hair loss and eventual success. There won’t be any smart dildos in it, though some of the techniques used are equally suited to teledildonics exploitation, if that’s your thing. Reversing RF in a high frequency environment using SDRs is challenging. We’ll discuss how we worked around these issues using hardware reversing skills. We had to import hardware from China for this project, which we could then programme ourselves using SPI, impersonate the legitimate controller and ‘jack the tank gun. This talk will of course include a live demonstration of hijacking the tank gun and (possibly) shooting Steve.

Pwning the 44CON Nerf Tank

44CON

Presented by: Julien Voisin and Thibault Koechlin Suhosin is a great PHP module, but unfortunately, it’s getting old, new ways have been found to compromise PHP applications, and some aren’t working anymore; and it doesn’t play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.

Security module for php7 – Killing bugclasses and virtual-patching the rest! ...

44CON

44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images

44CON

44CON London 2015 - Is there an EFI monster inside your apple?

44CON

44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...

44CON

44CON London 2015 - How to drive a malware analyst crazy

44CON

44CON London 2015 - 15-Minute Linux Incident Response Live Analysis

44CON

44CON London 2015 - Going AUTH the Rails on a Crazy Train

44CON

44CON London 2015 - Software Defined Networking (SDN) Security

44CON

44CON London 2015 - DDoS mitigation EPIC FAIL collection

44CON

44CON London 2015 - Hunting Asynchronous Vulnerabilities

44CON

44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...

44CON

44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root

44CON

Más de 44CON (20)

They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...

How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...

Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...

JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...

Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...

The UK's Code of Practice for Security in Consumer IoT Products and Services ...

Weak analogies make poor realities – are we sitting on a Security Debt Crisis...

Pwning the 44CON Nerf Tank

Security module for php7 – Killing bugclasses and virtual-patching the rest! ...

44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images

44CON London 2015 - Is there an EFI monster inside your apple?

44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...

44CON London 2015 - How to drive a malware analyst crazy

44CON London 2015 - 15-Minute Linux Incident Response Live Analysis

44CON London 2015 - Going AUTH the Rails on a Crazy Train

44CON London 2015 - Software Defined Networking (SDN) Security

44CON London 2015 - DDoS mitigation EPIC FAIL collection

44CON London 2015 - Hunting Asynchronous Vulnerabilities

44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...

44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root

Último

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

Architecting Cloud Native Applications

WSO2

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Real Time Object Detection Using Open CV

Khem

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

ICT role in 21st century education and its challenges

rafiqahmad00786416

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a 44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh

Similar a 44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh (20)

Más de 44CON

Más de 44CON (20)

Último

Último (20)

44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh

Notas del editor