Security CPE
- Will Machine Learning Replace The WAF? - John Graham-Cumming - OWASP 2024
ashar @infosec.pub FeaturedWill Machine Learning Replace The WAF? - John Graham-Cumming
Based on 20 years of experience using machine learning and keyword/pattern based systems this talk will look at the impact of machine learning on WAFs and how it can be used to effectively block malicious HTTP traffic.
John Graham-Cumming is CTO of Cloudflare and is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer, he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004
- FrOSCon 2024 - free open source con -GERMAN and ENGLISH
Free and Open Source Software Conference.
Free Software and Open Source - these are the topics of FrOSCon (Free and Open Source Software Conference). Every year in August the computer science department of the University of Applied Sciences Bonn-Rhein-Sieg, supported by FrOSCon e.V., will organize an exciting program with talks and workshops for visitors of all ages
- Sleuthcon cybercrime congress 2023
SLEUTHCON is a forum for identifying and exploring cybercrime and financially-motivated threats. This conference will highlight the work done by cybersecurity researchers, defenders, academics, law enforcement, and others.
- Security+ SY0-701 Exam Cram Playlist - 2024 Edition
Security+ SY0-701 Exam Cram Playlist - 2024 Edition
14 hours of training content from Pete Zerger
- t2/2024 - Hacking a Satellite for Fun and Profit (Mario Polino)
Hacking a Satellite for Fun and Profit
Mario Polino @ mhackeroni
A light-hearted and entertaining dive into our victorious adventure at Hack-A-Sat! Our presentation takes you on a ride through the challenges and triumphs of hacking into an orbiting satellite, the Moonlighter. What is a Capture The Flag What is Hack-A-Sat How Qualification works How to Organize a CTF Team The competition The preparation of the team for the competition Same challenge example and solution.
Mario Polino has been a hacker and CTF player since 2008. He has a PhD in Computer Security from Politecnico di Milano. Mario worked as a researcher at Politecnico, publishing scientific papers on binary and malware analysis and ML for cybersecurity.
Mario has been the captain of Politecnico's team, Tower of Hanoi (https://toh.necst.it/about/, winner of ruCTF 2019), and is the captain of the Italian team mhackeroni (https://mhackeroni.it/ 5 times DEF CON CTF Finalist). Mario coaches Team Italy (https://teamitaly.eu/), the national Italian hacking team, and Team Europe (https://teameurope.site/), the hacking team selected among all European nations.
- BSides Joburg 2024
Born in 2009, BSides Security Conferences are community-driven events for cybersecurity professionals. They offer a welcoming space for individuals to present research, ideas, and experiences, fostering dialogue and collaboration beyond the limitations of larger conferences.
- The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott
The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott
Podcast Redefining CyberSecurity with Sean Martin
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.
Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.
In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.
Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.
The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.
For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.
In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.
- hardwear.io USA 2024
Learn from leading hardware security researchers & professionals and discuss the latest & most innovative research on attacking and defending hardware. Connect with industry peers. Join us for a bigger, bolder, and better hardwear.io
- Pass the SALT conference 2024 - 37 videos
A totally free, english spoken conference dedicated to free software & security. Talks & workshops delivered by experts. High quality talks
2024 edition hosts 21 talks covering 10 Security topics (WebPKI, DFIR & TI, Reverse, Network Detectection etc). Talks are all delivered by experts.
- CTI2024 Cyber Threat Intelligence Conference FIRSTyoutube.com 2024 Cyber Threat Intelligence Conference | #FIRSTCTI24
In 2016, FIRST and Siemens joined forces to organize an event focused on Cyber Threat Intelligence in Munich, Germany. The meeting’s main purpose and origin ...
16 videos
- BSides SF 2024 - 61 videosbsidessf.org BSidesSF
BSidesSF 2024 will be held May 4-5, 2024! We can't wait to share the Next Big Thing! Call for Participation is closed! Thanks to all who submitted. We received a total of 334 reviewa...
Playlist BSides San Francisco 2024 https://youtube.com/playlist?list=PLbZzXF2qC3RtlV2pwcvdbsCBc1Vb8kwVw&si=DlnRkx6RiwiDBOVx
- Darnet Diaries podcast EP 147: TORNADO
In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changed everything.
Sources
https://www.rechtspraak.nl/Organisatie-en-contact/Organisatie/Rechtbanken/Rechtbank-Oost-Brabant/Nieuws/Paginas/Developer-of-Tornado-Cash-gets-jail-sentence-for-laundering-billions-of-dollars-in-cryptocurrency.aspx
https://www.ic3.gov/Media/Y2024/PSA240425
https://www.tabnak.ir/fa/news/1225983/کسر-۳-میلیون-تومان-از-حساب-افراد-بابت-بی-حجابی
https://www.independentpersian.com/node/348011/سیاسی-و-اجتماعی/قرار-است-بخشی-از-کسر-بودجه-از-جزای-نقدی-قانون-حجاب-اجباری-تامین-شود#:~:text=قرار%20است%20بخشی%20از%20کسر%20بودجه%20از%20جزای,۱۸%20تا%20۳۶%20میلیون%20تومان»%20تعیین%20شده%20است
https://www.coinspeaker.com/arrest-bitcoin-advocate-ziya-sadr/
https://www.eff.org/deeplinks/2023/08/tornado-cash-civil-decision-limits-reach-treasury-departments-actions-while
Attribution
Darknet Diaries is created by Jack Rhysider.
This episode was researched and written by Fiona Guy.
Assembled by Tristan Ledger.
Episode artwork by odibagas.
Mixing by Proximity Sound.
Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.
- Error Code podcast. EP 40: Hacking IoT Surveillance Cameras For Espionage Operations - 28 minutes
Error Code podcast. EP 40: Hacking IoT Surveillance Cameras For Espionage Operations
That camera above your head might not seem like a good foreign target, yet in the Ukraine there’s evidence of Russian-backed hackers passively counting the number of foreign aid workers at the local train stations. Andrew Hural of UnderDefense talks about the need to secure everything around a person, everything around an organization, and everything around a nation because every one can be a target.
- Defense in Depth podcast - Securing Identities in the Cloud
Defense in Depth podcast - Securing Identities in the Cloud
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Adam Bateman, CEO, Push Security.
The SaaS attacks matrix community resource mentioned by Adam in the episode can be found here.
Editorial note: Geoff Belknap is an advisor to Push Security.
In this episode:
-
Where are we going wrong
-
Finding the missing pieces
-
Protecting an expanding border
-
It starts with understanding risk
-
- fwd:cloudsec North America 2024 - 44 videos
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.
- CCC IGER - Intergalaktische Erfahrungsreise 2024 - 9 talks in GERMAN
Was ist eigentlich das IGERla? Das IGERla ist eine verkleinerte Variante der Intergalaktischen Erfahrungsreise (IGER, siehe nächster Abschnitt). Sie findet 2024 anstatt einer “großen” IGER statt, um das Orga-Team zu schonen. Die Location und das Grundkonzept bleiben gleich; ein paar der in der folgenden Sektion genannten “Standards” werden wir in diesem Jahr möglicherweise nicht erfüllen können.
- BSidesCharm 2024 - 22 videos
BSidesCharm is a regional Security BSides held in the Baltimore region of Maryland. It operates under the umbrella principles of Security BSides as a larger community project within information security. BSides aims to offer small, intimate events where all participants can engage each other to help develop connections, friendships, and network with different industry professionals.
- SSTIC 2024 - FRENCH language conference
Symposium sur la sécurité des technologies de l'information et des communications
- Botconf 2024
Botconf typically gathers 400 people from all around the world and various backgrounds. They all share the same goal of fighting malware, but with complimentary approaches: law enforcement, academia, CSIRT, threat analysis teams, antivirus developers, etc.
- Bsides Seattle 2024 - 7 videos
BSides Seattle is a community based conference for individuals in or interested in Information Security. Founded in 2012, BSides Seattle continues to provide space for the open sharing of ideas, concepts and debates. A place where security geeks of all ages, all levels of learning, all walks of life can bring their true selves and learn amazing things
- Insomni'hack 2024 - 28 talks
Insomni'hack is a Swiss security conference and hacking contest founded and organized by SCRT S.A.
- UniCon 2024 - 8 talks
Welcome to SCYTHE's fifth annual UniCon, a free virtual all-day purple teaming conference held on April 9, National Unicorn Day!
#UniCon24 Theme: Strengthening Cyber Resilience
Opening Keynote: -Dave Kennedy - Co-Founder & Chief Hacking Officer, TrustedSec
Keynote: -Jake Williams - Enterprise Risk Management Expert
Closing Keynote: -Bryson Bort - CEO & Founder, SCYTHE
Acclaimed speakers (alphabetical order) include: -Zack Allen, Director, Datadog -Lesley Carhart, Technical Director, Dragos, Inc. -Nicholas Carroll, Cyber Incident Response Manager, Raytheon -Jeremiah Dewey, SVP, Rapid7 -Thomas VanNorman, CISSP, GICSP, SVP, GRIMM Cyber -Tarah M. Wheeler, CEO, Red Queen Dynamics
