BlueHat v18 || Badly behaving scripts - meet amsi script behavior instrumentation and machine learning

Oct 4, 20183 likes1,244 views

Geoff McDonald, Microsoft Moustafa Saleh, Microsoft Bhavna Soman, Microsoft Jugal Parikh, Microsoft Andrea Lelli (MSR) As browser and operating system security have been improving, there has been a rise in conventional malware attacks relying instead on social-engineering based attacks. These socially-engineered attacks often rely on emails containing script-based malware loaders such as JavaScript, Visual Basic Script, or HTA files. When run, these scripts will be hosted with a Windows script execution engine and usually proceeds to download and run malware such as ransomware. Versions of Windows 10 have behavior instrumentation of some of the script execution engines in place, which passes behavior during execution to the default installed security product for scanning through the AMSI interface. In this presentation, we will present how we use this feature combined with machine learning in Windows Defender AV to protect against these attacks by pairing lightweight client behavior models with heavier real-time cloud models.

BlueHat v18 || Badly behaving scripts - meet amsi script behavior instrumentation and machine learning

hxxp://domke-engineering.de:10080/8734gf3hf?...
"C:UsersAdministratorAppDataLocalTempjXUahaeoJ.exe"

96% of malware are seen
only once
-
200,000
400,000
600,000
800,000
1 2 3 4 5 6 7 8 9 10 11 12
Downloadattempts
Hours after first encounter
Malicious downloads encountered
more than once
Source: Windows Defender Antivirus, August 2017
Source: Windows Defender Antivirus, Q1 2017
55%
6% 6% 7%
26%
0%
20%
40%
60%
1 2-10 11-100 101-1000 1001+
Percenttotalencounters
Number of client encounters per threat
Customer impact of unique and
prevalent threats

Learn more!
https://docs.microsoft.com/en-us/windows/desktop/amsi/antimalware-scan-interface-portal

Invoke-Expression
[ScriptBlock]::Create(…)
Function foo { … }
PowerShell –Command …
PowerShell –EncodedCommand …
IEX (an alias to Invoke-Expression)
$executionContext.InvokeCommand.InvokeScript( … )
$executionContext.InvokeCommand.NewScriptBlock( … )
$ExecutionContext.InvokeCommand.ExpandString( … )
$PSCmdlet.InvokeCommand.InvokeScript( … )
$PSCmdlet.InvokeCommand.NewScriptBlock( … )
$PSCmdlet.InvokeCommand.ExpandString( … )

• Windows Defender AV
• Windows Defender ATP
• AVG
• BitDefender
• CrowdStrike Falcon
• ESET
• Dr. Web
• Avast
• McAfee
• Kaspersky
From public information:
+ other security products are likely

• WScript.Shell.Run()
• Shell.Application.ShellExecute()
• Wscript.Shell.Exec()
• MMC20.Application.Document.ActiveView.ExecuteShellCo
mmand
• Execute (generic "object.Execute", often used with the obj
returned by "WSHController.CreateScript")
• Win32_Process.ExecMethod
• Win32_Process.ExecMethodAsync
• _60020007 (Dispatch ID used by generic
"object.DynamicInvoke" method, often used with
"BinaryFormatter")
• _01000001 (Dispatch ID used by "StartService" and
"Win32_ProcessStartup.Create" methods)
• Shell.Application.ServiceStart

SDCA: Shalev-Shwartz, Shai, and Tong Zhang. "Stochastic dual coordinate ascent methods for regularized loss
minimization." Journal of Machine Learning Research 14.Feb (2013): 567-599.
SA-SDCA: Microsoft Research. Tran, Kenneth, et al. "Scaling up stochastic dual coordinate ascent." Proceedings of the 21th
ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 2015.

0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
0% 1% 2% 3% 4% 5%
POSITIVERECALL
FALSE POSITIVES

IHost
IWshShell
IFileSystem
IServerXMLHTTPRequest
_Stream
CreateObject Status SaveToFile
ExpandEnvironmentStrings Type Run
FileExists responseBody
open Write
send Size

70%
75%
80%
85%
90%
95%
100%
0.00%
0.01%
0.03%
0.04%
0.05%
0.07%
0.08%
0.09%
0.11%
0.12%
0.13%
0.15%
0.16%
0.17%
0.19%
0.20%
0.21%
0.23%
0.24%
0.25%
0.27%
0.28%
0.29%
PositiveRecall
False Positive Rate
LightGBM
Boosted Trees
CNTK 1 hidden,
40 neurons
XGBoost

75.00%
80.00%
85.00%
90.00%
95.00%
100.00%
0.00% 0.10% 0.20% 0.30% 0.40% 0.50%
POSITIVERECALL
FPR
All Features
ML signatures +
Expert signatures
Fuzzy Hash
Partial Hash

70%
75%
80%
85%
90%
95%
100%
0.00%
0.01%
0.03%
0.04%
0.05%
0.07%
0.08%
0.09%
0.11%
0.12%
0.13%
0.15%
0.16%
0.17%
0.19%
0.20%
0.21%
0.23%
0.24%
0.25%
0.27%
0.28%
0.29%
PositiveRecall
False Positive Rate
LR LR Monotonoic

AMSI integration
point
Dynamic script
content AMSI calls
Behavior AMSI calls
PowerShell X
VBScript X X
JavaScript X X
Office VBA macros X

Unique insights, informed by trillions of signals

This document discusses analytics for IoT and making sense of data from sensors. It first provides an overview of Innohabit Technologies' vision and products related to contextual intelligence platforms, machine learning analytics, and predictive network health analytics. It then discusses how analytics can help make sense of the endless sea of data from IoT sensors, highlighting key applications of analytics in areas like industrial IoT, smart retail, autonomous vehicles, and more. The benefits of analytics adoption in industrial IoT contexts include optimized asset maintenance, production operations, supply chain management, and more.

IoT in HealthcareVenkat Alagarsamy

IoT is a combination of hardware and software technology that produces trillions of data through connecting multiple devices and sensors with the cloud and making sense of data with intelligent tools IoT in Healthcare is a heterogeneous computing, wirelessly communicating system of apps and devices that connects patients and health providers to diagnose, monitor, track and store vital statistics and medical information.

Iot data analyticsUnmesh Ballal

This document discusses Internet of Things (IoT) data analytics and compares several popular IoT platforms. It begins with an overview of IoT concepts like sensors, connectivity technologies, and components. It then examines Google's architecture for real-time streaming before comparing features of Bosch, Cisco, AWS, and Azure IoT platforms, including device management, analytics, security, and pricing. Finally, it outlines factors to consider when selecting an IoT platform, such as device capabilities, data needs, industry, and infrastructure requirements.

Analytics in IOTMitesh Gupta

The document provides an overview of analytics in the Internet of Things (IoT) space. It defines key concepts like IoT, Industrial IoT (IIoT), and Analytics of Things (AoT). It discusses how IoT analytics is different and provides case studies on preventive maintenance, freezer failure detection, and analytics for a solar PV plant. It highlights the importance of data science for analyzing the huge volumes of data generated by IoT devices and the analytics techniques used, including performance analytics, trend analysis, and machine learning algorithms.

Internet of Things (IoT) and Big DataGuido Schmutz

Independent of the source of data, the integration of event streams into an Enterprise Architecture gets more and more important in the world of sensors, social media streams and Internet of Things. Events have to be accepted quickly and reliably, they have to be distributed and analysed, often with many consumers or systems interested in all or part of the events. Dependent on the size and quantity of such events, this can quickly be in the range of Big Data. How can we efficiently collect and transmit these events? How can we make sure that we can always report over historical events? How can these new events be integrated into traditional infrastructure and application landscape? Starting with a product and technology neutral reference architecture, we will then present different solutions using Open Source frameworks and the Oracle Stack both for on premises as well as the cloud.

VSP: A Virtual Smartphone Platform to Enhance the Capability of Physical Smar...Keshav Vaswani

This document describes a virtual smartphone platform (VSP) that enhances the capabilities of physical smartphones. The VSP allows smartphone applications to run virtually on remote servers in the cloud rather than locally on the device hardware. This improves performance by offloading processing and storage demands. The document outlines the system architecture, which includes thin client apps, a management node to allocate virtual smartphones (VSes) to servers, and using remote display protocols for interaction. It also describes implementing priority-based VS assignment and using ant colony optimization techniques to efficiently map VSes to servers over time in response to resource usage. Evaluation results show reduced CPU usage, bandwidth needs, and battery consumption compared to local execution.

IoT Healthcareneha kumari

IHE-XDS_XDR-XDM UnderstandingRaghu Kodumuri

The document provides an overview of the Integrating the Healthcare Enterprise (IHE) Integration Profile called Cross-Enterprise Document Sharing (XDS). XDS allows for the registration, distribution and access of patient electronic health records across different healthcare organizations. It defines standards for managing the sharing of clinical documents between any healthcare enterprise, regardless of where the documents or systems reside. The document describes the main XDS actors, transactions, use cases and technical standards involved in cross-enterprise clinical document sharing using XDS.

Lecture3 - VR TechnologyMark Billinghurst

IoT Security Challenges and SolutionsIntel® Software

Iot pptKrishna Saini

The document discusses the Internet of Things (IoT). It defines IoT as a system of interconnected devices, machines, objects, animals, and people that can transfer data over a network without human interaction. The document notes that IoT allows everyday objects to gather and share sensor data. It provides examples of application areas for IoT like smart homes, wearables, healthcare, and vehicles. Finally, it acknowledges that the future of IoT is promising as the technology continues to develop new possibilities.

XDS - Cross-Enterprise Document SharingHealth Informatics New Zealand

nptel-1.pdfRagesh Warrier

The document provides an introduction to the Internet of Things (IoT). It defines IoT as connecting devices, machines and tools to the internet using wireless technologies. Over 9 billion devices are currently connected, projected to exceed 20 billion. IoT unifies technologies like embedded systems, cloud computing, big data, machine learning and networking. The term originated from a 2005 report discussing internet-connected machines to machine connectivity networks extending to common household devices. IoT enables efficient monitoring and control of physical objects through embedded sensors and communication across networks.

Introduction to IoT SecurityCAS

This document provides an introduction to IoT security. It discusses key components of IoT including sensors, actuators, microcontrollers, communication capabilities, and identification. The document outlines the ITU-T IoT reference model and describes security challenges at different levels including devices, fog networks, core networks, and data centers. It also discusses common IoT security issues such as unpredictable behavior, device similarity, problematic deployments, lack of upgrades, and lack of transparency. Finally, the document summarizes common IoT security tools including encryption, passwords, hardware security modules, two-factor authentication, and public key infrastructure certificates.

Tangible AR InterfaceJongHyoun

This document discusses augmented reality (AR) interfaces for visual analytics. It provides an overview of AR, including its key characteristics of combining real and virtual images in an interactive and registered 3D space. Examples are given of medical imaging applications and trials of AR interfaces. Design principles for AR user interfaces are outlined, including using physical objects, appropriate interaction metaphors, and principles from tangible interfaces. Case studies demonstrate AR lenses and collaborative AR interfaces. The document concludes with a discussion of future directions such as mobile phone AR, collaborative AR, and ubiquitous VR (UbiVR).

10 min IoT pptVaishnavu Pathayathodi

The document discusses the Internet of Things (IoT). It defines IoT as physical objects embedded with electronics, software and sensors that can connect and exchange data over the internet. It provides a brief history of IoT, examples of where IoT is used like smart homes and healthcare. It also discusses the size of the IoT market and some technological challenges and drawbacks of IoT like cyber attacks and difficulty updating devices.

Health information exchange (HIE)ACCESS Health Digital

There are three key forms of health information exchange: 1) Directed exchange allows providers to electronically send and receive secure information like lab results between providers involved in a patient's care. 2) Query-based exchange allows providers to find and request information on a patient from other providers, often used for emergency care. 3) Consumer mediated exchange allows patients to aggregate and manage their health information online and help transfer it between providers.

Extended Reality - VR, AR, MR Applications and FutureStephen Rhind-Tutt

Stephen Rhind-Tutt gave a presentation on extended reality (XR) technologies like virtual reality (VR), augmented reality (AR), and mixed reality (MR) and their applications and future potential. He discussed how XR can be used to simulate dangerous or inaccessible situations, replicate experiences, and deliver immersive content at a distance. While the technology faces barriers like hardware and software compatibility issues, the market is growing. Libraries and information professionals have an important role to play in selecting, evaluating, licensing, and disseminating XR content and helping users overcome barriers to adoption.

Metaverse webinar 05042018Peiramatiko Sxoleio Panepistimiou Patron

Android İşletim Sistemi_aerdeger

Big Data and its Impact on Industry (Example of the Pharmaceutical Industry)Hellmuth Broda

Metaverse InfographicsAlex G. Lee, Ph.D. Esq. CLP

Metaverse is the converged world of physical world and virtual world that is hyper-connected, hyper-visualized, hyper-interacted, and hyper-reality enabled. Metaverse is a collection of fully connected interoperable physically augmented digital worlds with physical persistence that are converged with the virtually augmented physical world in which people and digital representations of people (digital people) can fully interact with one another and digital objects/environments (including digital twins) with full reality.

Iot internet-of-things-pptSonalSharnam

The document defines and discusses the Internet of Things (IoT). It provides a definition of IoT as interconnected devices that can transfer data over a network without human interaction. It then explains how IoT works through sensors that collect data, connectivity to transfer the data, data processing, and user interfaces. Examples of IoT devices are given like smart lightbulbs and thermostats. Benefits to organizations are outlined as well as the importance of IoT. Applications and challenges are also summarized.

Artificial intelligence and IoTVeselin Pizurica

Big data in healthcareDeZyre

Big data solutions are enabling healthcare providers to transform into more patient-centered, collaborative care models driven by analytics. As basic needs are met and advanced applications emerge, new use cases will arise from sources like wearable devices and sensors. Predictive analytics using big data can help fill gaps by predicting things like missed appointments, noncompliance, and patient trajectories in order to proactively manage care. However, barriers to using big data include a lack of expertise and the fact that big data has a different structure and is more unstructured than traditional databases.

Internet of medical things (IOMT)K Raman Sethuraman

While E-health is based on networked I-C-T devices of the humans, operated by the humans for human healthcare and wellness, IOMT is a network of the ‘smart-devices’, operated by the devices for human healthcare and wellness. An estimated 160 million smart medical devices are expected to be connected in 2020. This number will increase exponentially. We need to be prepared for the disruptive influence of IOMT on the present-day healthcare paradigm. A major concern is the sheer magnitude of digital healthcare data generated by IOMT. Are we creating a "Digital Black hole" is a question for deep introspection.

The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...Lumension

Today, more than 1.6 million new malware signatures are identified each month. And more organizations are falling prey to "zero-day" attacks - malware for which an anti-virus signature does not exist. It’s no surprise that roughly half of the organizations surveyed in a 2010 Ponemon Institute study reported an increase in their IT operating expenses - a main driver of that cost increase was malware. Traditional anti-virus simply can't keep up in the malware arms race and relying on it as your primary defense will prove costly. In this webcast, Paul Henry, security and forensics expert, and Chris Merritt, Director of Solution Marketing with Lumension, will examine: * The true cost of anti-virus in terms of PC performance, network bandwidth, IT helpdesk costs, prevention of malware and more * Why application whitelisting is a better approach to defend against rising targeted attacks * How application whitelisting has evolved to provide a new level of intelligence that delivers more effective security and necessary flexibility to improve productivity - in even rapidly changing endpoint environments

Hack miami emiliocasbasEmilio Casbas

The document discusses raising security awareness among web owners and users. It notes that there are around 30,000 new malicious URLs daily and that 80% of legitimate websites are compromised due to a lack of security awareness by web owners. The document proposes creating a service called "Desenmascara.me" that would give websites a security awareness score, detect suspicious content, and help decrease the number of compromised sites by promoting better security practices.

More Related Content

What's hot (20)

IoT Healthcareneha kumari

IHE-XDS_XDR-XDM UnderstandingRaghu Kodumuri

Lecture3 - VR TechnologyMark Billinghurst

IoT Security Challenges and SolutionsIntel® Software

Iot pptKrishna Saini

XDS - Cross-Enterprise Document SharingHealth Informatics New Zealand

nptel-1.pdfRagesh Warrier

Introduction to IoT SecurityCAS

Tangible AR InterfaceJongHyoun

10 min IoT pptVaishnavu Pathayathodi

Health information exchange (HIE)ACCESS Health Digital

Extended Reality - VR, AR, MR Applications and FutureStephen Rhind-Tutt

Metaverse webinar 05042018Peiramatiko Sxoleio Panepistimiou Patron

Android İşletim Sistemi_aerdeger

Big Data and its Impact on Industry (Example of the Pharmaceutical Industry)Hellmuth Broda

Metaverse InfographicsAlex G. Lee, Ph.D. Esq. CLP

Iot internet-of-things-pptSonalSharnam

Artificial intelligence and IoTVeselin Pizurica

Big data in healthcareDeZyre

Internet of medical things (IOMT)K Raman Sethuraman

IoT Healthcareneha kumari

IHE-XDS_XDR-XDM UnderstandingRaghu Kodumuri

Lecture3 - VR TechnologyMark Billinghurst

IoT Security Challenges and SolutionsIntel® Software

Iot pptKrishna Saini

XDS - Cross-Enterprise Document SharingHealth Informatics New Zealand

nptel-1.pdfRagesh Warrier

Introduction to IoT SecurityCAS

Tangible AR InterfaceJongHyoun

10 min IoT pptVaishnavu Pathayathodi

Health information exchange (HIE)ACCESS Health Digital

Extended Reality - VR, AR, MR Applications and FutureStephen Rhind-Tutt

Metaverse webinar 05042018Peiramatiko Sxoleio Panepistimiou Patron

Android İşletim Sistemi_aerdeger

Big Data and its Impact on Industry (Example of the Pharmaceutical Industry)Hellmuth Broda

Metaverse InfographicsAlex G. Lee, Ph.D. Esq. CLP

Iot internet-of-things-pptSonalSharnam

Artificial intelligence and IoTVeselin Pizurica

Big data in healthcareDeZyre

Internet of medical things (IOMT)K Raman Sethuraman

Similar to BlueHat v18 || Badly behaving scripts - meet amsi script behavior instrumentation and machine learning (20)

The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...Lumension

Hack miami emiliocasbasEmilio Casbas

End of Studies project: Malware Repsonse CenterAbdessabour Arous

Where There's Money, There's Crime: Web-based ThreatsAvast

The massive expansion of the Internet and the devices that use it to communicate is slowly but inevitably changing the lives of billions of people. Social networks are at the peak of their popularity, data is moving to the Cloud and traditional computing platforms are in recess. More and more applications are being created directly for the Web - a new platform, common to all devices. This silent revolution is causing browsers to become more important than operating systems themselves. Where there are users, there's money. Where there's money, there's crime. The Web, as a new platform, is becoming a target for cyber-attackers who abuse the OS-independent technology with malicious intentions. Anyone who uses a browser can become their victim. This presentation shows how cybercrime actually works from social engineering tactics to how browsers can be locked down with ransom demands by visiting just a single webpage. Our goal is to make the Web more secure. Help us by knowing the techniques of the enemy, recognizing scam attempts, and making your web apps resilient to future attacks. Presented by Pavel Šrámek, malware analyst at Avast, at the Web Expo 2014.

Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin

1) Web application security is often approached incorrectly, focusing too much on annual penetration tests and compliance, rather than ongoing monitoring and prevention through the development process. 2) Many vulnerabilities are introduced through third party libraries and dependencies, which are not properly tested or managed. Continuous testing across the full software supply chain is needed. 3) Not all vulnerabilities are equal - context is important. A risk-based approach should prioritize the most critical issues based on factors like impact, likelihood, and the development environment. Compliance alone does not ensure real security.

AntiviruxssMarcusgcm

This document summarizes how the authors found Cross-Site Scripting (XSS) vulnerabilities in the web applications of 8 out of the top 9 antivirus software vendors. It details each vulnerability found, including the affected subdomain, how the vulnerability was exploited through injection of malicious code, and a rating of severity and difficulty for each finding. It also discusses how each vendor responded after being notified of the vulnerabilities. The vulnerabilities allowed execution of arbitrary JavaScript that could potentially steal user credentials or session cookies. Finding viable payloads to trigger alerts was challenging due to various protections and filters in place.

DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...Felipe Prado

This document contains biographies of three individuals - Anthony Rose, Jacob Krasnov, and Vincent Rose - who are co-founders of BC Security and researchers focused on security topics like Bluetooth, wireless security, and embedded systems. It then provides an overview of a session about techniques for obfuscating malware to avoid detection by defenses like AMSI and sandboxes. The document outlines goals, expectations, and provides brief explanations of key concepts like AMSI, malware triggering, and Empire tutorials.

Social Enterprise Rises! …and so are the Risks - DefCamp 2012DefCamp

The document discusses social enterprise software and associated security risks. It provides an overview of social enterprise software, why organizations use it, and common deployment models. It then discusses some common security risks like data loss, exploitation of vulnerabilities, and social engineering. The document outlines strategies for risk mitigation and examines several case studies of vulnerabilities found in social enterprise software solutions. It emphasizes that even large vendors can overlook application security and stresses the importance of verification testing.

Malware Analysis Made SimplePaul Melson

Malware analysis is important for responding quickly to security incidents and keeping costs down. Malware is the number one external threat and is adapting to evade traditional defenses like firewalls and antivirus software. When incidents do occur, organizations should have an in-house capability to analyze malware using free and open-source tools to understand the scope of infections and prevent recurrences.

Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis

The document discusses trends in crimeware and techniques used to evade detection. It describes how legitimate websites can be compromised to deliver drive-by downloads and how obfuscation is used to circumvent signature-based detection. The document analyzes examples of infected servers harvesting login credentials and personal data from victims. It advocates for proactive inspection of web content to detect unknown threats unlike reactive signature-based approaches.

Prueba de Presentacionrubychavez

An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...Soya Aoyama

The WannaCry cyber-attack all over the world in May, 2017 is still fresh in our minds. The malware encrypted and rendered useless hundreds of thousands of computers in over 150 countries. As a measure against ransomware, Microsoft introduced the function "Ransomware protection" in "Windows 10 Fall Creators Update". How does this function work? Is it really effective? In this talk, I will explain the operation principles of "Controlled folder access" of"Ransomware protection" through demonstration video. Then I show the requirements to avoid this function, and describe that this function can be avoided very easily. And I will ask you that we may have to reconsider the definition of vulnerability.

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...Alexander Benoit

AppLocker, Windows Information Protection, Device Guard, Windows Defender Application Guard- there are many ways to secure Windows 10. Not all ways are compatible with Enterprise requirements. In the session, we will have a look at what we are able to do and I will add some experiences from the field about what works well and what doesn’t. In addition, we will check how ConfigMgr can support us.

How to protect my cloud workload from Ransomware?Raphael Bottino

Cross Site Scripting (XSS)Barrel Software

This document discusses cross-site scripting (XSS) attacks against mobile applications. It defines XSS as a type of injection where malicious scripts are injected into trusted websites. The document describes three types of XSS attacks - reflected XSS, stored XSS, and DOM-based XSS. It provides examples of each type of attack and how attackers are able to execute scripts on a victim's machine by injecting code. The document concludes with recommendations for preventing XSS attacks, including validating all input data, encoding all output data, and setting the proper character encoding.

Day8madamewoolf

The document discusses AJAX, presentation layer security, and web attacks. It introduces AJAX, explaining that it uses asynchronous JavaScript and XML to improve performance by avoiding full page reloads and transferring smaller amounts of data. It then covers AJAX flow and the difference between postback and callbacks. Various web attacks are described like resource enumeration, parameter manipulation, cross-site scripting, and prevention techniques. AJAX security issues and how attacks differ for traditional vs. AJAX applications are also summarized. The document concludes with assigning a lab and mentioning references.

Cross Site ScriptingAli Mattash

Cross-Site Scripting (XSS) is a security vulnerability that allows malicious code to be injected into web pages viewed by other users. There are three main types of XSS attacks: non-persistent reflects the user's input back without filtering; persistent stores the input and displays it later to other users; and DOM-based exploits vulnerabilities in client-side scripts. XSS attacks are used to hijack user accounts, steal cookies, and conduct phishing scams. Developers can prevent XSS by sanitizing all user input, using encoding on untrusted fields, and keeping software updated.

Prevoty NYC Java SIG 20150730chadtindel

Prevoty provides a runtime application self-protection (RASP) solution that can automatically secure content, queries, and users in real-time from within applications. Prevoty addresses challenges like the inability of perimeter defenses to understand application context and the difficulty of keeping up with growing codebases and vulnerabilities. By instrumenting directly into application runtimes via language plugins, Prevoty can detect and block attacks while providing visibility into attacks, like the source IP, payload details, timestamp, and affected URL or SQL query. This real-time threat intelligence can then be shared with security tools like SIEMs, firewalls, and WAFs.

Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded

Serverless security: defence against the dark artsYan Cui

AWS has taken over the responsibilities of patching the OS and securing the underlying physical infrastructure that runs your serverless application, so what’s left for you to secure? Quite a bit it turns out. The OWASP top 10 is as relevant to you as ever; DOS attacks are still a threat even if you can probably brute force your way through it as AWS auto-scales Lambda functions automatically; and did you know attackers can easily steal your AWS credentials via your application dependencies? In addition to the traditional threats, serverless applications have more granular deployment units and therefore there are more things to configure and secure, and the tools and practices are still catching up with this fast-changing world.

The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...Lumension

Hack miami emiliocasbasEmilio Casbas

End of Studies project: Malware Repsonse CenterAbdessabour Arous

Where There's Money, There's Crime: Web-based ThreatsAvast

Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin

AntiviruxssMarcusgcm

DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...Felipe Prado

Social Enterprise Rises! …and so are the Risks - DefCamp 2012DefCamp

Malware Analysis Made SimplePaul Melson

Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis

Prueba de Presentacionrubychavez

An inconvenient truth: Evading the Ransomware Protection in windows 10 @ Hack...Soya Aoyama

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...Alexander Benoit

How to protect my cloud workload from Ransomware?Raphael Bottino

Cross Site Scripting (XSS)Barrel Software

Day8madamewoolf

Cross Site ScriptingAli Mattash

Prevoty NYC Java SIG 20150730chadtindel

Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded

Serverless security: defence against the dark artsYan Cui

More from BlueHat Security Conference (20)

BlueHat Seattle 2019 || The cake is a lie! Uncovering the secret world of mal...BlueHat Security Conference

Santiago Pontiroli With more than 2.5 billion gamers from all over the world, it's no wonder that at least a fraction of them would bring into action additional tools to gain an unfair advantage over their opponents in the virtual world. This is one of the many reasons behind the existence and rapid growth of a multi-million dollar industry that thrives on selling cheats, hacks and modifications to desperate gamers seeking to gain the upper hand in their next match. Let's dissect these tools and understand how modern games and anti-cheating technologies can be easily bypassed, all while we get a glimpse of the dubious market and supporting crews that develop, sell, and maintain the commodities in this illegal economy. It's not unusual for cheats to be more expensive than the actual games they are trying to profit from, or for players to buy a single title over and over until they can avoid being banned by the protective measures implemented in the first place. Fortnite? Overwatch? League of Legends? If you've heard about these games but you don't know what an aim-bot, a wall-hack, or an ESP means, then you might finally understand why all those competitive matches you played have made you feel like a fish out of water. Join me in this presentation and learn the inside-out of an industry that has remained in the shadows for a very long time. I will be presenting real world cheats used by gamers worldwide that in some cases closely mimic techniques that would rival numerous advanced threat actors in the malware ecosystem. Game over? Maybe not….

BlueHat Seattle 2019 || KeynoteBlueHat Security Conference

This document discusses some fundamental problems in technology, including a lack of empathy and diversity in teams, an overvaluation of complexity, and misaligned incentives that prioritize growth and headlines over minimizing real-world harm. It argues that technology companies have not been proactively honest about downsides and have failed to learn from past mistakes. Some recommendations are made, including emphasizing empathy and diversity to better predict harm, shifting risk ownership, adjusting incentives away from complexity and towards harm prevention, and teaching these lessons in computer science education.

BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One StoryBlueHat Security Conference

Tony Chen Every game console since the first Atari was more or less designed to prevent the piracy of games and yet every single game console has been successfully modified to enable piracy. However, this trend has come to an end. Both the Xbox One and the PS4 have now been on the market for close to 6 years, without hackers being able to crack the system to enable piracy or cheating. This is the first time in history that game consoles have lasted this long without being cracked. In this talk, we will discuss how we achieved this for the Xbox One. We will first describe the Xbox security design goals and why it needs to guard against physical attacks, followed by descriptions of the hardware and software architecture to keep the Xbox secure. This includes details about the custom SoC we built with AMD and how we addressed the fact that all data read from flash, the hard drive, and even DRAM cannot be trusted. We will also discuss the corresponding software changes needed with the custom hardware to keep the system and the games secure against physical attacks.

BlueHat Seattle 2019 || Kubernetes Practical Attack and DefenseBlueHat Security Conference

Jay Beale We will attack a real Kubernetes cluster called Bust-a-Kube, which was released in 2019 as a free learning tool. The demonstration will start by compromising a real application running in a Kubernetes pod's container, gaining low privileged remote code execution inside that container. Next, we will explore what that compromised container can see on the cluster, finding the boundaries of its privileges. We will move laterally from that container to attack microservices on the cluster, gaining remote code execution in other containers, with higher privilege. We'll find that one of those can interfere with a final highest-privilege container. That highest privilege container will permit us to abuse the Kubernetes API to compromise the entire cluster. This demonstration will involve graphic "flags," allowing attendees to repeat the attack afterward as a downloadable solitaire "capture the flag" game. We'll then discuss and perform a second demo to teach defenses, working backward to defeat necessary steps in the first demo's chain of attacks. We'll demonstrate using pod security policies to force an AppArmor profile onto any pod (container) being deployed. We'll show how volume whitelists can block an attack, then demonstrate an evasion that defeats this defense. We'll then weaken this attack with root capability limits and AppArmor. We'll demonstrate an attack path where a bad actor can use a low-privilege Kubernetes cluster compromise to abuse the cloud provider APIs. This, in turn, leads to compromising the Kubernetes cluster more fully. We'll discuss how to break this attack using a cloud metadata API security feature that's Kubernetes-specific. In the course of these demonstrations, we'll conduct the attacks both manually and with an open source attack tool called Peirates. Finally, we'll discuss defenses that we did not use, including seccomp syscall whitelists, read-only root filesystems, and freely-available service meshes.

BlueHat Seattle 2019 || Open Source Security, vulnerabilities never come aloneBlueHat Security Conference

Nico Waisman Open source has won and is here to stay, but it comes with challenges. Open Source security is one of them that we face as an industry. We all consume it but what about its code quality, security practices, … Over the last 3 months, Github's Semmle Security Research Team has been triaging all open source CVEs and engaging on a subset of those performing variant analysis trying to uncover what it was missed. During this talk we will present some of these cases where we used QL to perform variant analysis, in addition to some others where we performed the full research (seed vulnerability and variant analysis) such as u-boot.

BlueHat Seattle 2019 || Modern Binary Analysis with ILsBlueHat Security Conference

Jordan Wiens & Peter LaFosse Modern binary analysis, whether for discovering vulnerabilities or analyzing malware needs automation to deal with the volume of code under inspection. And yet, while Intermediate Languages (ILs) have been used for decades in compiler design and implementation, too few reverse engineers have any experience with them even though many reverse engineering tools (Binary Ninja, Ghidra, IDA) are built on top of ILs. Given that, it's time to demystify this space and make it accessible beyond just computer scientists and researchers. There's many potentially unfamiliar concepts related to ILs: single-static assignment, value-set analysis, three argument form versus tree-based designs, and others. But what matters is how these ILs can help you build better binary analysis tools. This talk not only gives you an overview of existing ILs used in reverse engineering, but more importantly, shows you how your tooling can benefit from them. From cross-platform analysis (follow a botnet from an x86-64 desktop to a mobile arm, to an embedded MIPS), to leveraging existing data-flow capabilities that brings some of the benefits both dynamic and static analysis together, this talk will demonstrate several examples of plugins that leverage ILs to improve your ability to automatically reason over compiled code.

BlueHat Seattle 2019 || Don't forget to SUBSCRIBE.BlueHat Security Conference

Elvis Collado This talk is about how an unauthenticated heap-based buffer overflow vulnerability was discovered and exploited within a router distributed by a market-leading ISP. Despite the targeted process utilizing mitigations such as DEP and ASLR, it still fell prey to known exploitation techniques. This talk will go over the thought process, failures, and road-blocks that were encountered and how they were overcame.

BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure ADBlueHat Security Conference

Dirk-jan Mollema How does one research the cloud? With solutions such as Azure AD and Office 365, the underlying platform architecture and designs are not publicly documented or accessible in the same way as on-premise. This makes analyzing the security of the platform harder for external researchers. In this talk I will explain the journey and discoveries of a year of trying to understand Azure AD, including the vulnerabilities discovered in the process. This ranges from gathering information about Azure AD via undocumented APIs to installing invisible backdoors and escalating privileges via limited roles or via the link with on-premise. While some of these vulnerabilities have been resolved, several of these are unintended consequences of Azure AD's architecture and thus are important to consider when evaluating the security of your Azure AD environment. A basic understanding of Azure AD, Office 365 and its terminology is assumed for this talk.

BlueHat Seattle 2019 || Autopsies of Recent DFIR InvestigationsBlueHat Security Conference

John-Luke Peck This presentation will review in hindsight and retrospect several recent incident response engagements performed over the last 12 months by a 3rd-party (non-Microsoft affiliated) security and incident response services provider. During the talk the presenter will review what went well and what did not go well during the various engagements, with a particular focus on the data, services , and support available from Microsoft & Office365/AzureAD, and how they were and were not able to be leveraged during the various engagements. This will include a focus on areas where: * Necessary data was not available because the client had not taken, or were unaware of the need to take, steps to enable collection of the data * The data & services available were successfully used during response efforts The presentation will highlight: * Lessons learned about Office365/AzureAD and Incident Response * How Office365, AzureAD, and ATP services and data were used in the response efforts * Recommendations for Office365/AzureAD tenants to improve their security & IR capabilities /before/ an incident occurs All presented examples and incidents will be de-identified to maintain and protect privacy and operational security. What this is NOT: * A service provider's sales presentation

BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...BlueHat Security Conference

Li Chen & Ravi Sahita In this talk, we juxtapose the resiliency and trustworthiness of composition of DL and classical ML algorithms for security, via a case study of evaluating the resiliency of ransomware detection via the generative adversarial network (GAN). We propose to use GAN to automatically produce dynamic features that exhibit generalized malicious behaviors that can reduce the efficacy of black-box ransomware classifiers. We examine the quality of the GAN-generated samples by comparing the statistical similarity of these samples to real ransomware and benign software. Further we investigate the latent subspace where the GAN-generated samples lie and explore reasons why such samples cause a certain class of ransomware classifiers to degrade in performance. The automatically generated adversarial samples can then be fed into the training set to reduce the blind spots of the detectors. There has been a surge of interest in using machine learning (ML) particularly deep learning (DL) to automatically detect malware through their dynamic behaviors. These approaches have achieved significant improvement in detection rates and lower false positive rates at large scale compared with traditional malware analysis methods. ML in threat detection has demonstrated to be a good cop to guard platform security. However it is imperative to evaluate - is ML-powered security resilient enough? To generate reliable traces of system activity, we can utilize CPU-based telemetry such as Intel Processor Trace which can be extracted via a hypervisor without guest instrumentation. We advocate that file I/O events extracted from Intel processor trace together with algorithmic improvements have shown potential stronger defense in ML -based model deployment in the wild to combat ransomware attack. Our results and discoveries should pose relevant questions for defenders such as how ML models can be made more resilient for robust enforcement of security objectives.

BlueHat Seattle 2019 || Are We There Yet: Why Does Application Security Take ...BlueHat Security Conference

This document summarizes the findings of Veracode's 10th annual State of Software Security report. The report is based on scan data from over 85,000 applications assessed between April 2018 and March 2019. Key findings include: (1) Most security flaws are eventually fixed but fix times have remained consistent, (2) The likelihood of flaws being fixed decreases over time leading to growing "security debt", (3) Frequent scanning correlated with faster fix times and lower security debt indicating the benefits of DevSecOps practices. The data suggests security testing automation still lags DevOps adoption and developers prioritize recent flaws over severity.

BlueHat Seattle 2019 || Building Secure Machine Learning Pipelines: Security ...BlueHat Security Conference

Anamitra Dutta Majumdar & Anubhav Saini Increasing adoption of Machine Learning and Artificial Intelligence by data-driven organizations like LinkedIn is posing some important challenges related to data security and privacy. On the one hand, member data is an asset that unlocks unlimited business potential whereas, on the other hand, the consumption of the data must happen in a secure and privacy-preserving manner. This poses an interesting challenge for security and operations teams in the organization. In this presentation, we will walk through all the well-known use cases of machine learning at LinkedIn and also the phases of a machine learning pipeline. We will identify key security gaps and the corresponding security controls to address the gaps at each phase of any machine learning pipeline. The associated scalability and operational challenges for the application of security control will be explained. Controls in each phase would be put into the perspective of the Productive Machine Learning pipeline phases being built at LinkedIn There will be a section on how Blueshift will impact the application of security controls once compute and data have been decoupled. By the end of the talk, we would have described what a secure machine learning pipeline looks like and what are the key security patterns to be put in place to secure the pipeline.

BlueHat v18 || First strontium uefi rootkit unveiledBlueHat Security Conference

Jean-Ian Boutin, ESET Frédéric Vachon, ESET BIOS rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise a system at this level. Our talk will reveal such a campaign successfully executed by STRONTIUM. Earlier this year, there was a public report stating that the infamous Sofacy/APT28/Sednit APT group successfully trojanized a userland LoJack agent and used it against their targets. LoJack, a controversial anti-theft software, was scrutinized by security researchers in the past because of its unusual persistence method: a module preinstalled in many computers' UEFI/BIOS software. Several security risks were found through the years in their product, but no large in-the-wild activity was ever detected until the discovery of the STRONTIUM group leveraging some of these vulnerabilities affecting the userland agent. However, through our research, we now know that they did not stop there: they also tried, and succeeded, in installing a custom UEFI module directly in the systems' SPI flash memory. In this talk, we will detail the full infection chain showing how STRONTIUM was able to install their custom UEFI module on key targets' computers. Additionally, we will provide an in-depth analysis of their UEFI module and the associated trojanized LoJack agent.

BlueHat v18 || WSL reloaded - Let's try to do better fuzzingBlueHat Security Conference

The document discusses the internals of syzkaller, an in-kernel fuzzer for finding bugs. It explains that syzkaller sprays large allocations across memory pages to leave small holes, then sprays the targeted object to fill one of the holes and have the target in front of the spray. This allows the target object to be found and used for exploitation. It also provides statistics on the types of bugs found by syzkaller, with most being exploitable bugs or crashes/stability issues found through fuzzing kernel interfaces.

BlueHat v18 || The hitchhiker's guide to north korea's malware galaxyBlueHat Security Conference

Christiaan F Beek, McAfee Jay Rosenberg, Intezer Labs The Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, 10 Days of Rain attacks are all believed to originate from North Korea. But how can they be attributed with certainty? And what connection does a DDoS and disk wiping attack from July 4 2009, have with WannaCry, one of the largest cyber-attacks in the history of the cyber-sphere? We have conducted a comparative research over more than 10 years of malware and tools being used by North Korean adversaries. The results were intriguing and we will share our discoveries but also hunt tactics during our talk. We discovered new links between campaigns and were able to group malware families towards actor groups and discovere interesting patterns.

BlueHat v18 || Retpoline - the anti-spectre (type 2) mitigation in windowsBlueHat Security Conference

Andrea Allievi, Microsoft Spectre and Meltdown CPU have been one of the biggest security problem of the year 2018. Mitigations have already been delivered to the customers by both CPU manufacturers and OS developers. While the mitigations for Spectre type 1 and Meltdown have been successfully delivered, the mitigation for Spectre type 2, Retpoline, has been deferred for various problems. This talk will describe the implementation details of Retpoline in Windows 10 (19H1) and all the problem that we faced while testing it. Designing Retpoline has requested the collaboration of different teams in Microsoft, especially between the Kernel and the Compiler team. This talk will explain how we overcame all the implementation issues and allow all the involved Windows Kernel components to work with Retpoline in a retro-compatible way. At the end we will analyze the performance issues and explain how the Kernel team has found a solution for them

BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat Security Conference

Luke Jennings, Countercept Attackers have been avoiding disk and staying memory resident for over a decade and this has traditionally proven an Achilles heels for security products and the teams that operate them. The boom in both EDR products and memory forensics toolkits in more recent years have helped defenders to fight back but attackers are already adapting their approaches. This talk will cover both classic and modern techniques for injecting code into legitimate processes on Microsoft Windows systems, as well as several techniques for detecting them. This will include both system tracing methods, good for proactive detection, as well as memory analysis techniques that have the added benefit of allow detection of pre-existing compromises in real-world incident response scenarios, with a brief case study example. As part of this, practical examples will be given showing how Microsoft’s ATP and Sysmon help in this area as well as other techniques. Finally, the future of this area will be considered, including how the .NET runtime already complicates detection techniques in this area and how this will likely become increasingly challenging as more attackers discover and exploit this. By the end of the talk, the audience should understand the importance of code injection in the context of memory-resident implants, the key techniques for performing it and detecting it and the challenges of achieving this in the real-world at enterprise scale.

BlueHat v18 || Massive scale usb device driver fuzz without deviceBlueHat Security Conference

Zhuo Ma, Tencent USB is one of the most common interface supported on modern computer. Modern OSes offer tons of USB drivers to support frequently used USB device classes. For other 3rd party USB device, Microsoft provide automatic driver downloading and installation via Windows AutoUpdate Service. In this talk, we consider this as a novel attacking surface exposed by Windows. We are trying to assess the vulnerability in those USB drivers provided via Windows AutoUpdate Service, which can be automatic installed and run after device plugged in. Obviously, these drivers are all designed for real USB device, which have to talk to device during running. So, the biggest obstacle for assessing these drivers is we can not prepare real USB devices for all of these drivers. To overcome this, We developed a system to emulate these USB device, further, we are trying to fuzz these drivers against our emulated USB device. By using this system, we can fuzz device drivers without the real USB device. In further, we can also precisely fuzz every stage of driver loading. We can feed any custom data to the drivers to trigger vulnerabilities. Also, this system supports IO Control Code fuzz as well. And all in all, all of this progress can be done automatically. We tested about 6000 drivers, yielded hundreds of crash by fuzzing. IO Control Fuzz also gave a reasonable result. We are going to divide our talk into three parts: the first part is about how we get the list of automatic installed USB drivers, and how to analyze these drivers in automatic ways; the second part is about the fuzzing system we designed, including the architecture of system, ways to emulating devices, key points for designing; the last part will show some vulnerabilities we found by this system.

BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat Security Conference

The document discusses the modern zero-day exploit market and economy. It describes how vulnerabilities are found by researchers and sold through brokers to various parties, including governments, criminals, and exploit kit creators. It also outlines trends in the market, such as the impact of new mitigations, regulations, and events like Pwn2Own on the sale of exploits. Finally, it shares some examples of vulnerabilities the Zero Day Initiative has helped patch and the conclusion encourages questions.

BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat Security Conference

Ross Bevington, Microsoft In ‘The Matrix’ sentient machines subdue the population by developing a highly sophisticated simulation. High interaction honeypots are a lot like The Matrix, designed to convince an attacker to execute an attack so we can monitor them. But these honeypots are flawed! Attackers are continually adapting in order to evade our defenses - meaning that it’s often not enough to just set up a honeypot and watch the results roll in. Is a new approach better? Did you know that 40% of IaaS VMs in Azure are Linux? For Microsoft to protect itself and its customers Linux is a priority. At MSTIC we’ve developed a new type of Linux honeypot that allows us to deceive and control the behavior of an attacker. We are using this to understand the person behind the attack, examining them as they examine us. Using these techniques, we are able to better track the person behind the threat, build better protections and ultimately protect more Linux users - whether they are using Azure or not. In this presentation I’ll show some of the successes of running a Matrix like environment, failures where a glitch was spotted as well as deception approaches that could be applied to other domains. Finally I’ll show how easy it is to leverage Azure’s big data capabilities to build and ultimately query all this data at scale as well as how you can immediately reap the benefits of this work by connecting your Linux box to Azure Security Center.

BlueHat Seattle 2019 || The cake is a lie! Uncovering the secret world of mal...BlueHat Security Conference

BlueHat Seattle 2019 || KeynoteBlueHat Security Conference

BlueHat Seattle 2019 || Guarding Against Physical Attacks: The Xbox One StoryBlueHat Security Conference

BlueHat Seattle 2019 || Kubernetes Practical Attack and DefenseBlueHat Security Conference

BlueHat Seattle 2019 || Open Source Security, vulnerabilities never come aloneBlueHat Security Conference

BlueHat Seattle 2019 || Modern Binary Analysis with ILsBlueHat Security Conference

BlueHat Seattle 2019 || Don't forget to SUBSCRIBE.BlueHat Security Conference

BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure ADBlueHat Security Conference

BlueHat Seattle 2019 || Autopsies of Recent DFIR InvestigationsBlueHat Security Conference

BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...BlueHat Security Conference

BlueHat Seattle 2019 || Are We There Yet: Why Does Application Security Take ...BlueHat Security Conference

BlueHat Seattle 2019 || Building Secure Machine Learning Pipelines: Security ...BlueHat Security Conference

BlueHat v18 || First strontium uefi rootkit unveiledBlueHat Security Conference

BlueHat v18 || WSL reloaded - Let's try to do better fuzzingBlueHat Security Conference

BlueHat v18 || The hitchhiker's guide to north korea's malware galaxyBlueHat Security Conference

BlueHat v18 || Retpoline - the anti-spectre (type 2) mitigation in windowsBlueHat Security Conference

BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat Security Conference

BlueHat v18 || Massive scale usb device driver fuzz without deviceBlueHat Security Conference

BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat Security Conference

BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat Security Conference

Recently uploaded (20)

Cybersecurity Identity and Access Solutions using Azure ADVICTOR MAESTRE RAMIREZ

Procurement Insights Cost To Value Guide.pptxJon Hansen

Quantum Computing Quick Research Guide by Arthur MorganArthur Morgan

This is a Quick Research Guide (QRG). QRGs include the following: - A brief, high-level overview of the QRG topic. - A milestone timeline for the QRG topic. - Links to various free online resource materials to provide a deeper dive into the QRG topic. - Conclusion and a recommendation for at least two books available in the SJPL system on the QRG topic. QRGs planned for the series: - Artificial Intelligence QRG - Quantum Computing QRG - Big Data Analytics QRG - Spacecraft Guidance, Navigation & Control QRG (coming 2026) - UK Home Computing & The Birth of ARM QRG (coming 2027) Any questions or comments? - Please contact Arthur Morgan at [email protected]. 100% human made.

UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPathCommunity

Join this UiPath Community Berlin meetup to explore the Orchestrator API, Swagger interface, and the Test Manager API. Learn how to leverage these tools to streamline automation, enhance testing, and integrate more efficiently with UiPath. Perfect for developers, testers, and automation enthusiasts! 📕 Agenda Welcome & Introductions Orchestrator API Overview Exploring the Swagger Interface Test Manager API Highlights Streamlining Automation & Testing with APIs (Demo) Q&A and Open Discussion Perfect for developers, testers, and automation enthusiasts! 👉 Join our UiPath Community Berlin chapter: https://community.uipath.com/berlin/ This session streamed live on April 29, 2025, 18:00 CET. Check out all our upcoming UiPath Community sessions at https://community.uipath.com/events/.

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

The MCP (Model Context Protocol) is a framework designed to manage context and interaction within complex systems. This SlideShare presentation will provide a detailed overview of the MCP Model, its applications, and how it plays a crucial role in improving communication and decision-making in distributed systems. We will explore the key concepts behind the protocol, including the importance of context, data management, and how this model enhances system adaptability and responsiveness. Ideal for software developers, system architects, and IT professionals, this presentation will offer valuable insights into how the MCP Model can streamline workflows, improve efficiency, and create more intuitive systems for a wide range of use cases.

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

AI and Data Privacy in 2025: Global TrendsInData Labs

In this infographic, we explore how businesses can implement effective governance frameworks to address AI data privacy. Understanding it is crucial for developing effective strategies that ensure compliance, safeguard customer trust, and leverage AI responsibly. Equip yourself with insights that can drive informed decision-making and position your organization for success in the future of data privacy. This infographic contains: -AI and data privacy: Key findings -Statistics on AI data privacy in the today’s world -Tips on how to overcome data privacy challenges -Benefits of AI data security investments. Keep up-to-date on how AI is reshaping privacy standards and what this entails for both individuals and organizations.

tecnologias de las primeras civilizaciones.pdffjgm517

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

At InData Labs, we have been keeping an ear to the ground, looking out for AI-enabled digital transformation trends coming our way in 2025. Our report will provide a look into the technology landscape of the future, including: -Artificial Intelligence Market Overview -Strategies for AI Adoption in 2025 -Anticipated drivers of AI adoption and transformative technologies -Benefits of AI and Big data for your business -Tips on how to prepare your business for innovation -AI and data privacy: Strategies for securing data privacy in AI models, etc. Download your free copy nowand implement the key findings to improve your business.

AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...Alan Dix

Talk at the final event of Data Fusion Dynamics: A Collaborative UK-Saudi Initiative in Cybersecurity and Artificial Intelligence funded by the British Council UK-Saudi Challenge Fund 2024, Cardiff Metropolitan University, 29th April 2025 https://alandix.com/academic/talks/CMet2025-AI-Changes-Everything/ Is AI just another technology, or does it fundamentally change the way we live and think? Every technology has a direct impact with micro-ethical consequences, some good, some bad. However more profound are the ways in which some technologies reshape the very fabric of society with macro-ethical impacts. The invention of the stirrup revolutionised mounted combat, but as a side effect gave rise to the feudal system, which still shapes politics today. The internal combustion engine offers personal freedom and creates pollution, but has also transformed the nature of urban planning and international trade. When we look at AI the micro-ethical issues, such as bias, are most obvious, but the macro-ethical challenges may be greater. At a micro-ethical level AI has the potential to deepen social, ethnic and gender bias, issues I have warned about since the early 1990s! It is also being used increasingly on the battlefield. However, it also offers amazing opportunities in health and educations, as the recent Nobel prizes for the developers of AlphaFold illustrate. More radically, the need to encode ethics acts as a mirror to surface essential ethical problems and conflicts. At the macro-ethical level, by the early 2000s digital technology had already begun to undermine sovereignty (e.g. gambling), market economics (through network effects and emergent monopolies), and the very meaning of money. Modern AI is the child of big data, big computation and ultimately big business, intensifying the inherent tendency of digital technology to concentrate power. AI is already unravelling the fundamentals of the social, political and economic world around us, but this is a world that needs radical reimagining to overcome the global environmental and human challenges that confront us. Our challenge is whether to let the threads fall as they may, or to use them to weave a better future.

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Most consumers believe they’re making informed decisions about their personal data—adjusting privacy settings, blocking trackers, and opting out where they can. However, our new research reveals that while awareness is high, taking meaningful action is still lacking. On the corporate side, many organizations report strong policies for managing third-party data and consumer consent yet fall short when it comes to consistency, accountability and transparency. This session will explore the research findings from TrustArc’s Privacy Pulse Survey, examining consumer attitudes toward personal data collection and practical suggestions for corporate practices around purchasing third-party data. Attendees will learn: - Consumer awareness around data brokers and what consumers are doing to limit data collection - How businesses assess third-party vendors and their consent management operations - Where business preparedness needs improvement - What these trends mean for the future of privacy governance and public trust This discussion is essential for privacy, risk, and compliance professionals who want to ground their strategies in current data and prepare for what’s next in the privacy landscape.

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

Drupalcamp Finland – Measuring Front-end Energy ConsumptionExove

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Explore the benefits and features of advanced logistics management software for businesses in Riyadh. This guide delves into the latest technologies, from real-time tracking and route optimization to warehouse management and inventory control, helping businesses streamline their logistics operations and reduce costs. Learn how implementing the right software solution can enhance efficiency, improve customer satisfaction, and provide a competitive edge in the growing logistics sector of Riyadh.

Build Your Own Copilot & Agents For DevsBrian McKeiver

Mobile App Development Company in Saudi ArabiaSteve Jonas

EmizenTech is a globally recognized software development company, proudly serving businesses since 2013. With over 11+ years of industry experience and a team of 200+ skilled professionals, we have successfully delivered 1200+ projects across various sectors. As a leading Mobile App Development Company In Saudi Arabia we offer end-to-end solutions for iOS, Android, and cross-platform applications. Our apps are known for their user-friendly interfaces, scalability, high performance, and strong security features. We tailor each mobile application to meet the unique needs of different industries, ensuring a seamless user experience. EmizenTech is committed to turning your vision into a powerful digital product that drives growth, innovation, and long-term success in the competitive mobile landscape of Saudi Arabia.

DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxJustin Reock

Building 10x Organizations with Modern Productivity Metrics 10x developers may be a myth, but 10x organizations are very real, as proven by the influential study performed in the 1980s, ‘The Coding War Games.’ Right now, here in early 2025, we seem to be experiencing YAPP (Yet Another Productivity Philosophy), and that philosophy is converging on developer experience. It seems that with every new method we invent for the delivery of products, whether physical or virtual, we reinvent productivity philosophies to go alongside them. But which of these approaches actually work? DORA? SPACE? DevEx? What should we invest in and create urgency behind today, so that we don’t find ourselves having the same discussion again in a decade?