An IT Security presentation I created for faculty and staff of the UW-Madison, School of Medicine, about how to recognize and defend against the threats of complex Phishing and Social Engineering, to protect sensitive digital information.
Attacker uses human interaction to obtain or compromise information.Attacker my appear unassuming or respectable
Pretend to be a new employee, repair man,
May even offer credentials.
By:Maulik Kotak
Attacker uses human interaction to obtain or compromise information.Attacker my appear unassuming or respectable
Pretend to be a new employee, repair man,
May even offer credentials.
By:Maulik Kotak
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
Social engineering is not just a supporting process to obtain system access; it could be the main attack. Organizations that focus only on a narrow definition of social engineering as an attack vector to obtain system access will fail to create awareness of all other possible social engineering attack methods.
Currently, market has a wide range of systems, products and services focused on computer security services: Antivirus, Antispyware, Firewalls, IPS, WAF, SIEM systems, etc.
All these measures are indispensable and have become a priority for any company or organization towards ensuring its assets, but social engineering plays with the advantage that you can use techniques that violate own vulnerabilities inherent in human beings and, as is well known, for this there is no patch or upgrade that provides effective protection against such attacks.
People is normally “the weak link in the chain”.
Social Engineering is a kind of advance persistent threat (APT) that gains private and sensitive information through social networks or other types of communication
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
One of today's most challenging security issues is social engineering defense. Despite evidence proving the impact of a social engineering attack, we often see inadequate incident response plans in place. In this talk, we will share our experiences about what organizations are doing when (or, more commonly, if) they detect an attack, steps to strengthen the social engineering defensive strategy, and what best practices to enforce for the strongest possible security posture.
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
The weakest link in the security chain is often between the keyboard and the chair. People are a problem. We have a natural instinct as humans to trust someone's word. Although various technical means have been developed to cope with security threats, human factors have been comparatively neglected.
Once you put a human in a security chain, you have a weakness. That problem should be addressed by security practitioners, not every member of an organization. Very few would disagree that social engineering is the the most common and least challenging way to compromise an organization, but most accept the notion that there isn't much they can do about it. False!
This talk will focus on the psychological, technical, and physical involvement of social engineering, and also look at how we can remove the human element of the human problem. We will explore what organizations are doing wrong, also the processes and technical controls that can be put in place to achieve a strong social engineering defense.
We'll template a solution that can be customized. What will really help? What is the truth? What if we don't want to surrender our organization to social engineers?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
Social engineering is a growing industry. Even the biggest companies as well as technology-savvy individuals fall victim to social engineering attacks. This training deck will help you understand the different types of social engineering attacks and how to protect your assets and data.
Credits:
Photos - unsplash, pixabay, flaticons
Presentation by: Jam Rivera
This slide gives a brief description of social engineering, its classcification, attack environment and various impersonation scenario which will give the audinece a sound knowledge on social engineering technique.
Understand Social Engineering on a new perspective, beyond the conventional understanding that we have, learn how we use it on social development and securing the weakest link in cybersecurity
An introductory session about Social Engineering presented at ICT Nuggets Forum - Khartoum, organized by Duko team. We talked about what is social engineering? terms related to it? and how attacks can bee carried. We also told a lot of stories about successful social engineering attacks and how much damage they did. Finally we talked about how to protect yourself and your company social engineering attacks.
Learn what is social engineering attack. It includes the social engineering techniques like shoulder surfing, eavesdropping, baiting, Tailgating, phishing, spear phishing and pretexting.
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How it is used in the context of competitive intelligence and industrial espionage? How to recognize HUMINT / social engineering attacks? Which governments are known to use it?
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
Social engineering is not just a supporting process to obtain system access; it could be the main attack. Organizations that focus only on a narrow definition of social engineering as an attack vector to obtain system access will fail to create awareness of all other possible social engineering attack methods.
Currently, market has a wide range of systems, products and services focused on computer security services: Antivirus, Antispyware, Firewalls, IPS, WAF, SIEM systems, etc.
All these measures are indispensable and have become a priority for any company or organization towards ensuring its assets, but social engineering plays with the advantage that you can use techniques that violate own vulnerabilities inherent in human beings and, as is well known, for this there is no patch or upgrade that provides effective protection against such attacks.
People is normally “the weak link in the chain”.
Social Engineering is a kind of advance persistent threat (APT) that gains private and sensitive information through social networks or other types of communication
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
One of today's most challenging security issues is social engineering defense. Despite evidence proving the impact of a social engineering attack, we often see inadequate incident response plans in place. In this talk, we will share our experiences about what organizations are doing when (or, more commonly, if) they detect an attack, steps to strengthen the social engineering defensive strategy, and what best practices to enforce for the strongest possible security posture.
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
The weakest link in the security chain is often between the keyboard and the chair. People are a problem. We have a natural instinct as humans to trust someone's word. Although various technical means have been developed to cope with security threats, human factors have been comparatively neglected.
Once you put a human in a security chain, you have a weakness. That problem should be addressed by security practitioners, not every member of an organization. Very few would disagree that social engineering is the the most common and least challenging way to compromise an organization, but most accept the notion that there isn't much they can do about it. False!
This talk will focus on the psychological, technical, and physical involvement of social engineering, and also look at how we can remove the human element of the human problem. We will explore what organizations are doing wrong, also the processes and technical controls that can be put in place to achieve a strong social engineering defense.
We'll template a solution that can be customized. What will really help? What is the truth? What if we don't want to surrender our organization to social engineers?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
Social engineering is a growing industry. Even the biggest companies as well as technology-savvy individuals fall victim to social engineering attacks. This training deck will help you understand the different types of social engineering attacks and how to protect your assets and data.
Credits:
Photos - unsplash, pixabay, flaticons
Presentation by: Jam Rivera
This slide gives a brief description of social engineering, its classcification, attack environment and various impersonation scenario which will give the audinece a sound knowledge on social engineering technique.
Understand Social Engineering on a new perspective, beyond the conventional understanding that we have, learn how we use it on social development and securing the weakest link in cybersecurity
An introductory session about Social Engineering presented at ICT Nuggets Forum - Khartoum, organized by Duko team. We talked about what is social engineering? terms related to it? and how attacks can bee carried. We also told a lot of stories about successful social engineering attacks and how much damage they did. Finally we talked about how to protect yourself and your company social engineering attacks.
Learn what is social engineering attack. It includes the social engineering techniques like shoulder surfing, eavesdropping, baiting, Tailgating, phishing, spear phishing and pretexting.
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How it is used in the context of competitive intelligence and industrial espionage? How to recognize HUMINT / social engineering attacks? Which governments are known to use it?
Seiring perkembangan siber, berbagai masalah terjadi, salah satunya ialah munculnya 'vulnerabilities' dan tumbuhnya jumlah peretas yang bertujuan jahat, oleh sebab itu diperlukan lah pengetahuan dini tentang keamanan siber.
2012 B-Sides and ToorCon Talk Offensive Defense
Blog Post - http://blog.ioactive.com/2013/01/offensive-defense.html
Cyber-criminals have had back-end infrastructures equivalent to Virus Total to test if malware and exploits are effective against AV scanners for many years, thus showing that attackers are proactively avoiding detection when building malware. In this day of age malicious binaries are generated on demand by server-side kits when a victim visits a malicious web page, making reliance solely on hash based solutions inadequate. In the last 15 years detection techniques have evolved in an attempt to keep up with attack trends. In the last few years security companies have looked for supplemental solutions such as the use of machine learning to detect and mitigate attacks against cyber criminals. Let's not pretend attackers can't bypass each and every detection technique currently deployed. Join me as I present and review current detection methods found in most host and network security solutions found today. We will re-review the defense in depth strategy while keeping in mind that a solid security strategy consists of forcing an attacker to spend as much time and effort while needing to know a variety of skills and technologies in order to successfully pull off the attack. In the end I hope to convince you that thinking defensively requires thinking offensively.
DefCamp #5, Bucharest, November 29th
Just as a chain is as weak as its weakest link, computer systems are as vulnerable as their weakest component – and that’s rarely the technology itself, it’s more often the people using it. This is precisely why it’s usually easier to exploit people’s natural inclination to trust than it is to discover ways to hack into computer systems. As the art of manipulating people into them giving up confidential information, Social Engineering has been a hot topic for many years. This session will discuss some of the most common Social Engineering techniques and countermeasures.
This document highlights the concepts in Information Warfare.
- Principles of Information Warfare
- Offensive Information Warfare
- Deception Tactics for Defense of Information Systems
- Corporate Espionage
Social Engineering - Strategy, Tactics, & Case StudiesPraetorian
For many organizations, the human element is often the most overlooked attack vector. Ironically, people are typically one of the easiest vulnerabilities to exploit and an attacker needs little more than a smile or email to completely compromise a company. With targeted attacks on the rise, organizations must understand the risk of social engineering based attacks. The purpose of this presentation is to examine common physical, phone, and Internet based attacks. Real world case studies are included and recommendations are provided that will help mitigate this growing threat.
Praetorian's goal is to help our clients understand minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.
On Tuesday, Novermber 13th, at 11:00 AM, I will be giving this presentation to faculty and staff at the University of Wisconsin-Madison, School of Medicine and Public Health, at the Health Sciences Learning Center (HSLC), next to UW Hospital. IT Security and Healthcare, go together, like chocolate and peanut butter!
I will be giving this presentation on IT Security, for healthcare professionals, at the Health Sciences Learning Center, University of Wisconsin-Madison, School of Medicine and Public Health, tomorrow morning, at 11:00 CST. It will be held in room #1325 and is open to the public. I hope to see you there.
I will be giving this presentation on IT Security, for healthcare professionals, at the Health Sciences Learning Center, University of Wisconsin-Madison, School of Medicine and Public Health, tomorrow morning, at 11:00 CST. It will be held in room #1325 and is open to the public. I hope to see you there.
The Masterclass on Safeguarding Your Digital World, Outsmart Scammers and Protect Your Online Identity was presented by Richard Mawa Michael an awardee of the Ingressive 4 Good Cybersecurity Scholarship. He presented to South Sudanese audience on Saturday 02 September 2023 from 1 PM to 3 PM Central African Time in a session convened by the Excellence Foundation for South Sudan
Unveiling the dark web. The importance of your cybersecurity postureLourdes Paloma Gimenez
We live in the cyberspace but nobody talked us about cybersecurity. The web , deep web and the dark web. The different vectors of cyberattacks. Recommendations to stay protected.
Webinar: How to avoid the 12 Scams of ChristmasAbilityNet
In the webinar you can learn how to protect yourself and elderly people often most at risk from the most common online scams that can be especially rife around the festive season.
But anyone can become a victim of digital scams. They are a growing problem in the UK and criminals are using social media, email, and messaging services to target their victims.
Worrying about falling victim to online criminals can, understandably, make some people reluctant to engage in the online world. Recent research from BT Group* highlighted that some older internet users may be less familiar with the online world than others, so this webinar aims to provide valuable tips to vulnerable groups who may not be as online savvy as others.
The benefits of getting online can really make a positive difference to everyone's lives, so stay safe by learning about the common tactics that are used to attempt to fool us all.
What you'll learn:
In this free webinar, speakers from Greater Manchester Police and AbilityNet will share their expertise to help you:
Learn about common online scams to be aware of, particularly over the festive period
Arm yourself with background knowledge about what to avoid
Find out about some of the warning signs
Find out more at: www.abilitynet.org.uk/ScamsWebinar
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
This presentation contains Introduction of Phishing attack, its types and Various techniques, their impact with real live example, after that its Avoidance, Prevention and Solution. Also it contains brief introduction of SSL and HTTPS with their working.
3 aspects where the 'virtual world' interacts now and in the future with us in a very real way.
. Thought Works Introduction to Blockchain
. Cyber Security
. Cloud Accounting
Creating a digital toolkit for users: How to teach our users how to limit the...Justin Denton
Ever wonder what you should or shouldn’t share on the internet? Do you see users who are posting everything thing they possibly could on the internet and wonder how to help educate them to protect themselves?
All of this collective sharing, creates a data gold mine for hackers to do their evil bidding. In this session we will talk about what to post on the internet and what not too. We will also look into what hackers can use from the information you’ve posted on the internet and how they can use it to gain access to your and your users personal lives, accounts, credit cards, and more. During this session, we’ll dive into building a strategy plan to help limit and hopefully eliminate these references from your digital footprint to help ensure you are more secure than you were when you first started this session.
By the end of this webinar, attendees will have a virtual toolkit and strategies to help educate users on protecting themselves while online.
This wonderful presentation, appropriate for teens and young adults, was created by Symantec's Rayane Hazimeh for the Dubai Techfest, 2013. We thank her for generously sharing her content with the SlideShare community.
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social MediaHelen Levinson
While beneficial for marketing purposes, social media activity creates potential pitfalls in terms of protecting a company’s assets and reputation. What if sensitive company information was leaked online and, even worse, you didn’t know it was out there? Are you prepared for serious damage control? A social media expert will show you how to manage and track your online reputation, identify online threats and address compliance issues. Learn investigative techniques to solve retail theft and the six key social media best practices.
(This presentation was given at the Asset Protection Conference 2011 - Food Marketing Institute)
Similar to UW School of Medicine Social Engineering and Phishing Awareness (20)
Conducting a NIST Cybersecurity Framework (CSF) AssessmentNicholas Davis
In today's ever-evolving cybersecurity landscape, organizations face an increasing number of threats. Conducting a NIST Cybersecurity Framework (CSF) assessment can be a valuable tool to identify, manage, and mitigate these risks. Let's explore how it can benefit your organization.
A NIST CSF assessment is not just about compliance; it's about proactively managing your cybersecurity posture. By identifying and addressing your vulnerabilities, you can reduce the likelihood and impact of cyberattacks. Additionally, the framework can help you communicate your security efforts effectively to internal and external stakeholders.
UW-Madison, Information Systems 371 - Decision Support SystemsNicholas Davis
Today, is Information Systems 371, I am lecturing about Decision Support Systems. In addition to covering the basics at a conceptual level, I am trying to get the students to think about the impact of IoT, 5G, and Artificial Intelligence, in terms of how Decision Support Systems are changing and what the new demands placed upon them will be.
During the Spring semester, I teach a 3 credit survey course in software development, at UW-Madison (IS 371), which is the first in the series of courses in the Information Systems major track. As part of this course, I devote an entire lecture to discussing different types of software development (Agile, Waterfall, Extreme, Spiral, etc.) I hope it helps the students better understand the different types of software development styles, as well as the benefits and drawbacks of each. In my opinion, they need to learn early on that there is more than one way to go about a software development challenge, and they need to figure out which style works best for them.
Information systems 365 - Cloud and BYOD SecurityNicholas Davis
Today, in class, I will be covering the topics of Cloud and BYOD Information Security. The intent of the lecture is to introduce students to the general issues surrounding information security in these two areas.
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
This is the security awareness presentation which I will be giving to Quartz Health Solutions, on October 24, 2018. If focuses in on three areas: information security best practices for work, at home, and also contains some tips for kids. Topics include: PHI, ePHI, HIPAA, Identity Theft, Social Engineering, phishing, password management, malware, insider threats, social networks, and mobile devices.
A presentation about cyberwar basics, the past, present and future directions of cyberwar and some needed changes in technology and long standing societal attitudes, to combat this escalating threat
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...Nicholas Davis
Last day of lecture, a summary presentation of everything the students learned this semester, in the information security class I teach at the University of Wisconsin-Madison
Bringing the Entire Information Security Semester Together With a Team ProjectNicholas Davis
Absorbing information does no good, unless you are able to apply what you have learned. Each semester, I give my information security students a team project, in which they must use all the knowledge acquired during the semester, in combination with their ability to do Internet research, to deliver an overall information security assessment of a company of their choosing. To make it a challenge, I make them grade all the other teams in the class, but only give them enough points to distribute so that the average is 90. In grading their peers, they must make decisions about which presentations are excellent, and which are not.
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
Horrible things happen on the Deep Web. It is important for information security professionals to know about this topic, so that we can help to stop the problem. Silence is acquiescence----If you see something horribly wrong, you have got to speak up and be part of the solution to stop it. Contact the FBI or local law enforcement.
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Nicholas Davis
The final assignment in the Information Security 365/765 course I teach at UW-Madison, is for teams of students to put together company focused IT security presentations, in which they take the concepts learned in class throughout the entire semester, and apply them to a real company. Here is a sample from Team Netflix! I am proud of the students, and feel that they have gained a solid foundation in the field of information security. Another semester come and gone!
Information Security Fall Semester 2016 - Course Wrap Up SummaryNicholas Davis
This presentation is a summary, for the students of the IS 365/765 course I teach, at the University of Wisconsin-Madison, providing a 104 slide reminder of the most important topics in Information Security, which we covered throughout the semester. Today is the last day of course material. We have 4 days of student team presentations, to follow.
A general education presentation, created to teach employees of an organization about Phishing, what it is, how to recognize it, avoid becoming a phishing victim, how to recognize common social engineering techniques, and what to do if you think you have been phished.
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Nicholas Davis
Today's topic in the Information Security 365/765 class, which I teach at the University of Wisconsin-Madison.
Computer crimes and computer laws, Motives and profiles of attackers, Various types of evidence, Laws and acts to fight computer crime, Computer crime investigation process, Incident handling procedures, Ethics and best practices
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
UW School of Medicine Social Engineering and Phishing Awareness
1. Free Powerpoint Templates
Page 1
Free Powerpoint Templates
Phishing and
Social Engineering
Awareness
-
Nicholas Davis
CISA, CISSP
Security Architect
UW-Madison, Division of
Information Technology
-
9 – 26 - 2013
2. Free Powerpoint Templates
Page 2
Introduction
• Background
• Phishing and Social Engineering
• History
• Types
• Examples
• Detecting Fraudulent Email
• Defending Against Phishing Attacks
• Measured Phishing Awareness at
DoIT
• Samples and Participation Rates
• Question and Answer Session
3. Free Powerpoint Templates
Page 3
Social Engineering
The art of manipulating people
into performing actions or
divulging confidential information
It is typically trickery or deception
for the purpose of information
gathering, fraud, or computer
system access
4. Free Powerpoint Templates
Page 4
Phishing
• Deception
• Email
• Websites
• Facebook status updates
• Tweets
• Phishing, in the context of the
healthcare working environment is
extremely dangerous
5. Free Powerpoint Templates
Page 5
Phishing 1995
• Target AOL users
• Account passwords=free online
time
• Threat level: low
• Techniques: similar names,
such as www.ao1.com for
www.aol.com
6. Free Powerpoint Templates
Page 6
Phishling 2001
Target: Ebay and major banks
Credit card numbers and account
numbers = money
Threat level: medium
Techniques: Same in 1995
7. Free Powerpoint Templates
Page 7
Phishing 2007
Targets are Paypal, banks, ebay
Purpose to steal bank accounts
Threat level is high
Techniques: browser
vulnerabilities, link obfuscation
9. Free Powerpoint Templates
Page 9
Looking In the Mirror
• Which types of sensitive information
do you have access to?
• What about others who share the
computer network with you?
• Think about the implications
associated that data being stolen
and exploited!
10. Free Powerpoint Templates
Page 10
What Phishing Looks Like
• As scam artists become more
sophisticated, so do their phishing e-
mail messages and pop-up windows.
• They often include official-looking
logos from real organizations and
other identifying information taken
directly from legitimate Web sites.
11. Free Powerpoint Templates
Page 11
Techniques For Phishing
• Employ visual elements from target site
• DNS Tricks:
• www.ebay.com.kr
• www.ebay.com@192.168.0.5
• www.gooogle.com
• Unicode attacks
• JavaScript Attacks
• Spoofed SSL lock Certificates
• Phishers can acquire certificates for domains
they own
• Certificate authorities make mistakes
12. Free Powerpoint Templates
Page 12
Social Engineering
Techniques
• Socially aware attacks
• Mine social relationships from public
data
• Phishing email appears to arrive from
someone known to the victim
• Use spoofed identity of trusted
organization to gain trust
• Urge victims to update or validate
their account
• Threaten to terminate the account if
the victims not reply
• Use gift or bonus as a bait
• Security promises
13. Free Powerpoint Templates
Page 13
Remember These
Social Engineering
Techniques
Often employed in Phishing seem more real,
urgent or to lower your guard of trust
Threats – Do this or else!
Authority – I have the authority to ask this
Promises – If you do this, you will get $$$
Praise – You deserve this
14. Free Powerpoint Templates
Page 14
Other Phishing Techniques
Socially aware attacks
Mine social relationships from public
data
Phishing email appears to arrive from
someone known to the victim
Use spoofed identity of trusted
organization to gain trust
Urge victims to update or validate their
account
Threaten to terminate the account if
the victims not reply
Use gift or bonus as a bait
Security promises
15. Free Powerpoint Templates
Page 15
Let’s Talk About Facebook
• So important, it gets its own slide!
• Essentially unauthenticated – discussion
• Three friends and you’re out! -
discussion
• Privacy settings mean nothing –
discussion
• Treasure Trove of identity information
• Games as information harvesters
21. Free Powerpoint Templates
Page 21
Detecting
Fraudulent Email
Information requested is inappropriate for the
channel of communication:
"Verify your account."nobody should not ask
you to send passwords, login names, Social
Security numbers, or other personal
information through e-mail.
Urgency and potential penalty or loss are
implied:
"If you don't respond within 48 hours, your
account will be closed.”
22. Free Powerpoint Templates
Page 22
Detecting Fraudulent
Email
"Dear Valued Customer."Phishing e-mail
messages are usually sent out in bulk and often
do not contain your first or last name.
23. Free Powerpoint Templates
Page 23
Dectecting Fraudulent
Email
"Click the link below to gain
access to your account.“
This is an example or URL
Masking (hiding the web address)
URL alteration
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
24. Free Powerpoint Templates
Page 24
How to Defend Against
Phishing Attacks
•Never respond to an email asking for
personal information
• Always check the site to see if it is secure
(SSL lock)
• Look for misspellings or errors in grammar
• Never click on the link on the email. Enter
the web address manually
• Keep your browser updated
• Keep antivirus definitions updated
• Use a firewall
• When in doubt, ask your Network
Administrator for their opinion
25. Free Powerpoint Templates
Page 25
A Note on Spear Phishing
• Designed especially for you
• Includes your name
• May reference an environment
or issue you are aware of and
familiar with
• Asks for special treatment, with
justification for the request
29. Free Powerpoint Templates
Page 29
Baiting
Hey, look! A free USB drive!
I wonder what is on this confidential CD which I
found in the bathroom?
These are vectors for malware!
Play on your curiousity or desire to get
something for nothing
Don’t be a piggy!
30. Free Powerpoint Templates
Page 30
Out of Office
Out of Control
Using the Out of Office responder
in a responsible manner
31. Free Powerpoint Templates
Page 31
Phishing Awareness at DoIT
DoIT staff undergo formal Security
Awareness training every year
Reading is one thing, experiencing is
another
We wanted some real measurements
Purchased a product which enabled us
to run measured phishing campaigns
Eight campaigns over the past year,
from simple to complex
38. Free Powerpoint Templates
Page 38
Results
Average industry end user
“participation rate” is 14%
Can you guess what our
participation rate was?
The more familiar the subject
matter, the more likely people are
to let their guard down
39. Free Powerpoint Templates
Page 39
Summary
Technology does not provide all the
answers
Think of Phishing every time you open
an email
Remember, Social Engineering happens
everywhere, not just at St. Elsewhere
40. Free Powerpoint Templates
Page 40
Questions and
Discussion
Nicholas Davis
ndavis1@wisc.edu
facebook.com/nicholas.a.davis