Вивисекция: анатомия ботнета из маршрутизаторов

•

1 j'aime•456 vues

Заполучить интернет-трафик, подготовить инфраструктуру для эксплойтов и dropzone, арендовать «пуленепробиваемый» хостинг, зашифровать вредоносный бинарный файл, чтобы его не смогло обнаружить большинство антивирусов, построить продвинутые протоколы управления, запустить C2 и постоянно прятаться за несколькими комбинированными слоями VPN, SSH и прокси, — и все ради того, чтобы обеспечить свою безопасность. Куча забот! Если вы хотите создать собственный ботнет, вам рано или поздно придется столкнуться со всем этим. Но что, если есть более простой способ?..

Technologie

Live dissection  
anatomy of router based botnet
Ilya Nesterov 
Maxim Goncharov

Ilya Nesterov Maxim Goncharov (c) 2017
Who we are?
Ilya Nesterov Max Goncharov

Ilya Nesterov Maxim Goncharov (c) 2017
We have presented on PHDays ‘13

Ilya Nesterov Maxim Goncharov (c) 2017
What do you need to build a botnet?

Ilya Nesterov Maxim Goncharov (c) 2017
What if?

Ilya Nesterov Maxim Goncharov (c) 2017
What if... 
you know weak point?

Ilya Nesterov Maxim Goncharov (c) 2017
Billions of http requests

Ilya Nesterov Maxim Goncharov (c) 2017
Looking into the trafﬁc

Ilya Nesterov Maxim Goncharov (c) 2017
ВТФ? All the same SSH keys?

Ilya Nesterov Maxim Goncharov (c) 2017
Apricot Botnet
37.252.[ ].[ ]

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot
The need of Honeypot!
Use the same key pair
Use similar geolocation
Find cheap VPS

Ilya Nesterov Maxim Goncharov (c) 2017
The device

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot: trafﬁc source

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot: trafﬁc destination

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot: traget IPs and ports

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot

Ilya Nesterov Maxim Goncharov (c) 2017
Connections from MIRAI infrastructure

Ilya Nesterov Maxim Goncharov (c) 2017
How about more fun?

Ilya Nesterov Maxim Goncharov (c) 2017
More attacks

Ilya Nesterov Maxim Goncharov (c) 2017
Let’s ﬁnd out something
PSV-2016-0256: Command Injection in WNR2000v5 - N300 WiFi Router.

Ilya Nesterov Maxim Goncharov (c) 2017
Wait! But how did we missed this?
CVE-2016-10174, CVE-2016-10175, and CVE-2016-10176
Affect: WNR2000v5, WNR2000v4, WNR2000v3

Ilya Nesterov Maxim Goncharov (c) 2017
Wait! But how did we missed this?
Affect: R6250, R6400, R6700, R6900, R7000, R7100LG,
R7300DST, R7900, R8000, D6220, D6400

Ilya Nesterov Maxim Goncharov (c) 2017
So what?
This vulnerability occurs when an attacker has access to the internal network or when
remote management is enabled on the router. Remote management is turned off by default, so
a user must have affirmatively turned on remote management through advanced settings for the router to be vulnerable in this
manner.

Ilya Nesterov Maxim Goncharov (c) 2017
Just go to Shodan

Ilya Nesterov Maxim Goncharov (c) 2017
Netgear results

Ilya Nesterov Maxim Goncharov (c) 2017
Netgear results
131 uses (1.7%) latest FW, but default credentials

Ilya Nesterov Maxim Goncharov (c) 2017
MikroTik

Ilya Nesterov Maxim Goncharov (c) 2017
Vault 7: CIA Hacking Tools Revealed
March 7th, 2017

Ilya Nesterov Maxim Goncharov (c) 2017
MikroTik
UPDATE 2: v6.38.5 and 6.39rc49 has been released, this version ﬁxes the vulnerabilities outlined in
the above documents, and cleans any ﬁles installed by the tools described.
Statement on Vault 7 document release

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX
MikroTik

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX
MikroTik HACKED-ROUTER-HELP-SOS-
HAD-DUPE-PASSWORD

Ilya Nesterov Maxim Goncharov (c) 2017
an Apricot device
37.252.[ ].[ ]

Ilya Nesterov Maxim Goncharov (c) 2017
See! They are on a market!

Ilya Nesterov Maxim Goncharov (c) 2017
What can we do about it?
- Educate
- Make noise
- Find more vulnerabilities
- Make a map

Ilya Nesterov Maxim Goncharov (c) 2017
Questions?

Ilya Nesterov Maxim Goncharov (c) 2017
Thanks!

Contenu connexe

Similaire à Вивисекция: анатомия ботнета из маршрутизаторов

Riot Games is a high-paced dynamic environment with many groups striving to release new content, features, and tools. Riot runs League of Legends, one of the biggest online multiplayer games, and uses AWS to host many complex sites that service millions of players everyday. In this session, Riot Games talks about the evolution of their management practice on AWS over the past two years, some lessons learned the hard way, and where they hope to be in the future. Key topics include: SSO (Single-Sign On) integration with IAM roles High-level AWS architecture (How to make it easy on your organization) VPC design, centralization, and simplification DevOps tooling and automation How and why we use Auto Scaling

(GAM304) How Riot Games re:Invented Their AWS Model | AWS re:Invent 2014

Amazon Web Services

Making decisions today for tomorrow's technology—from DNS to AWS Direct Connect, ELBs to ENIs, VPCs to VPNs, the Cloud Network Engineering team at Netflix are resident subject matter experts for a myriad of AWS resources. Learn how a cross-functional team automates and manages an infrastructure that services over 125 million customers while evaluating new features that enable us to continue to grow through our next 100 million customers and beyond.

Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...

Amazon Web Services

MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月

VirtualTech Japan Inc.

Microservices sind im Wesentlichen ein paar hippe JavaScript Frameworks und eine schicke Single-Page-App mit AngularJS oder React, oder? Wenn du also absolut sicher sein willst, dass dein nächstes Microservice Projekt scheitert, dann komm in diesen Vortrag und lerne wie. Anhand echter Erfahrung aus mehreren Brownfield und Greenfield Projekten zeige ich: - wie du die notwendigen organisatorischen Einflüsse ignorierst - wie du Operations wahnsinnig machst, sowohl durch unreife Technologien als auch durch last-minute Monitoring - wie du auch ohne Continuous Delivery fehlerhafte Software rasch releasen kannst - wie du auch einfachste CRUD Anwendungen mit hyper-komplexen Architekturen zum Scheitern bringst - …und vieles mehr Wenn du diese Tipps beachtest, wird dein Chef nie wieder auf die Idee kommen, seine IT zu modernisieren und du kannst weiterhin deinen geliebten Monolithen pflegen.

10 Tips for failing at microservices - badly (BedCon 2017)

David Schmitz

Artem Melnytskyi "Friendly Сo-pilot as a Practical AI Application"

LogeekNightUkraine

Neo4j GraphSummit Copenhagen - The path to success with Graph Database and Gr...

Neo4j

March.2012.KinectForWindows

Reuben Ahmed

Adding IPv6 to the application layer

Koichi Taniguchi

Experiences with Power 9 at A*STAR CRC

Ganesan Narayanasamy

44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick. Hardware hacks tend to focus on low-speed (jtag, uart) and external (network, usb) interfaces, and PCI Express is typically neither. After a crash course in PCIe Architecture, we’ll demonstrate a handful of hacks showing how pull PCIe outside of your system case and add PCIe slots to systems without them, including embedded platforms. We’ll top it off with a demonstration of SLOTSCREAMER, an inexpensive device that’s part of the NSA Playset which we’ve configured to access memory and IO, cross-platform and transparent to the OS - all by design with no 0-day needed. The open hardware and software framework that we will release will expand your Playset with the ability to tinker with DMA attacks to read memory, bypass software and hardware security measures, and directly attack other hardware devices in the system.

44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick

44CON

IoT - the Next Wave of DDoS Threat Landscape

APNIC

Tech w22

SelectedPresentations

IBOSEC-3000-2.pdf

Andrew Benhase

Building application in a "Microfrontends" way - Matthias Lauf *XConf Manchester

Thoughtworks

Information security is ever evolving, and Android's security posture is no different. Android users faces threats from a variety of sources, from the mundane to the extraordinary. Lost and stolen devices, malware attacks, rooting vulnerabilities, malicious websites, and nation state attackers are all within the Android threat model, and something the Android Security Team deals with daily. In this talk, we will cover the threats facing Android users, using both specific examples from previous Black Hat conferences and published research, as well as previously unpublished threats. For the threats, we will go into the specific technical controls which contain the vulnerability, as well as newly added Android N security features which defend against future unknown vulnerabilities. Finally, we'll discuss where we could go from here to make Android, and the entire computer industry, safer. (Source: Black Hat USA 2016, Las Vegas)

The Art of defence: How vulnerabilites help shape security features and mitig...

Priyanka Aash

2019年3月30日、大阪府立国際会議場（グランキューブ大阪）にて行われた関西最大規模のゲーム業界勉強会「GAME CREATORS CONFERENCE '18」(ゲームクリエイターズカンファレンス) におけるマイクロソフトと、モノビットエンジンの2社の共同セッションの資料です。モノビットパートでは、講演数日前に、リリースされた『モノビットエンジンクラウド』の使い方や性能、特徴などの初出し情報も掲載しております。また、Azureパートでは、モノビットエンジンクラウドの基盤として採用されている、Microsoft Azure の IaaS に関する情報をお届けしています。

モノビットエンジンがついにクラウド化！しかし、インフラでまさかのAzureを利用！？本当に大丈夫なの？

Daisuke Masubuchi

Speaker: Paul Navrátil, Texas Advanced Computing Center (TACC) The design emphasis for supercomputing systems has moved from raw performance to performance-per-watt, and as a result, supercomputing architectures are converging on processors with wide vector units and many processing cores per chip. Such processors are capable of performant image rendering purely in software. This improved capability is fortuitous, since the prevailing homogeneous system designs lack dedicated, hardware-accelerated rendering subsystems for use in data visualization. Reliance on this “software-defined” rendering capability will grow in importance since, due to growing data sizes, visualizations must be performed on the same machine where the data is produced. Further, as data sizes outgrow disk I/O capacity, visualization will be increasingly incorporated into the simulation code itself (in situ visualization). This talk presents recent work in high-fidelity visualization using the OSPRay ray tracing framework on TACC’s local and remote visualization systems. We present work using OSPRay within ParaView Catalyst in situ framework from Kitware, including capitalizing on opportunities to reduce data costs migrating through VTK filters for visualization. We highlight the performance opportunities and advantages of Intel® Advanced Vector Extensions 512, the memory system improvements possible with Intel® Xeon Phi™ processor multi-channel DRAM (MCDRAM) and the Intel® Omni-Path Architecture interconnect.

SDVIs and In-Situ Visualization on TACC's Stampede

Intel® Software

Building application in a "Microfrontends" way - Prasanna N Venkatesen *XConf...

Thoughtworks

Nsd, il tuo compagno di viaggio quando Domino va in crash

Fabio Pignatti

Join this session for The Best of Windows Server 2016 — The New Foundation of your Datacenter. You’ll get an overview about the new, exciting improvements that are in Windows Server 2016 and how they’ll improve your day-to-day job. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations including: •Hyper-V 2016 features •Nano Server •Storage Spaces Direct •Storage Replica •Windows Server Containers •And more!

The best of Windows Server 2016 - Thomas Maurer

ITCamp

Similaire à Вивисекция: анатомия ботнета из маршрутизаторов (20)

(GAM304) How Riot Games re:Invented Their AWS Model | AWS re:Invent 2014

Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...

MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月

10 Tips for failing at microservices - badly (BedCon 2017)

Artem Melnytskyi "Friendly Сo-pilot as a Practical AI Application"

Neo4j GraphSummit Copenhagen - The path to success with Graph Database and Gr...

March.2012.KinectForWindows

Adding IPv6 to the application layer

Experiences with Power 9 at A*STAR CRC

44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick

IoT - the Next Wave of DDoS Threat Landscape

Tech w22

IBOSEC-3000-2.pdf

Building application in a "Microfrontends" way - Matthias Lauf *XConf Manchester

The Art of defence: How vulnerabilites help shape security features and mitig...

モノビットエンジンがついにクラウド化！しかし、インフラでまさかのAzureを利用！？本当に大丈夫なの？

SDVIs and In-Situ Visualization on TACC's Stampede

Building application in a "Microfrontends" way - Prasanna N Venkatesen *XConf...

Nsd, il tuo compagno di viaggio quando Domino va in crash

The best of Windows Server 2016 - Thomas Maurer

Plus de Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Positive Hack Days

Как мы собираем проекты в выделенном окружении в Windows Docker

Positive Hack Days

Типовая сборка и деплой продуктов в Positive Technologies

Positive Hack Days

1. Что такое BI. Зачем он нужен. 2. Что такое Qlik View / Sense 3. Способ интеграции. Как это работает. 4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды. 5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).

Аналитика в проектах: TFS + Qlik

Positive Hack Days

Использование анализатора кода SonarQube

Positive Hack Days

Развитие сообщества Open DevOps Community

Positive Hack Days

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Positive Hack Days

Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.

Автоматизация построения правил для Approof

Positive Hack Days

Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений? На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.

Мастер-класс «Трущобы Application Security»

Positive Hack Days

Формальные методы защиты приложений

Positive Hack Days

Эвристические методы защиты приложений

Positive Hack Days

Теоретические основы Application Security

Positive Hack Days

Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик

От экспериментального программирования к промышленному: путь длиной в 10 лет

Positive Hack Days

Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей. К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Positive Hack Days

Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных. Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.

Требования по безопасности в архитектуре ПО

Positive Hack Days

Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.

Формальная верификация кода на языке Си

Positive Hack Days

Механизмы предотвращения атак в ASP.NET Core

Positive Hack Days

SOC для КИИ: израильский опыт

Positive Hack Days

Honeywell Industrial Cyber Security Lab & Services Center

Positive Hack Days

Credential stuffing и брутфорс-атаки

Positive Hack Days

Plus de Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Как мы собираем проекты в выделенном окружении в Windows Docker

Типовая сборка и деплой продуктов в Positive Technologies

Аналитика в проектах: TFS + Qlik

Использование анализатора кода SonarQube

Развитие сообщества Open DevOps Community

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Автоматизация построения правил для Approof

Мастер-класс «Трущобы Application Security»

Формальные методы защиты приложений

Эвристические методы защиты приложений

Теоретические основы Application Security

От экспериментального программирования к промышленному: путь длиной в 10 лет

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Требования по безопасности в архитектуре ПО

Формальная верификация кода на языке Си

Механизмы предотвращения атак в ASP.NET Core

SOC для КИИ: израильский опыт

Honeywell Industrial Cyber Security Lab & Services Center

Credential stuffing и брутфорс-атаки

Dernier

Evaluating the top large language models.pdf

ChristopherTHyatt

Histor y of HAM Radio presentation slide

vu2urc

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

How to convert PDF to text with Nanonets

naman860154

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Dernier (20)

Evaluating the top large language models.pdf

Histor y of HAM Radio presentation slide

A Domino Admins Adventures (Engage 2024)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

presentation ICT roal in 21st century education

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Artificial Intelligence: Facts and Myths

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

How to convert PDF to text with Nanonets

Axa Assurance Maroc - Insurer Innovation Award 2024

Boost PC performance: How more available memory can improve productivity

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

🐬 The future of MySQL is Postgres 🐘

Powerful Google developer tools for immediate impact! (2023-24 C)

How to Troubleshoot Apps for the Modern Connected Worker

Boost Fertility New Invention Ups Success Rates.pdf

08448380779 Call Girls In Civil Lines Women Seeking Men

What Are The Drone Anti-jamming Systems Technology?

Вивисекция: анатомия ботнета из маршрутизаторов

1. Live dissection   anatomy of router based botnet Ilya Nesterov  Maxim Goncharov

26. Ilya Nesterov Maxim Goncharov (c) 2017 So what? This vulnerability occurs when an attacker has access to the internal network or when remote management is enabled on the router. Remote management is turned off by default, so a user must have affirmatively turned on remote management through advanced settings for the router to be vulnerable in this manner.

34. Ilya Nesterov Maxim Goncharov (c) 2017 MikroTik UPDATE 2: v6.38.5 and 6.39rc49 has been released, this version ﬁxes the vulnerabilities outlined in the above documents, and cleans any ﬁles installed by the tools described. Statement on Vault 7 document release

42. Ilya Nesterov Maxim Goncharov (c) 2017 Why this is a problem? NETGEAR WRN2000 NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX MikroTik HACKED-ROUTER-HELP-SOS- HAD-DUPE-PASSWORD Basic realm=" Default Name:admin Password:1234 "

43. Ilya Nesterov Maxim Goncharov (c) 2017 Why this is a problem? NETGEAR WRN2000 NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX MikroTik HACKED-ROUTER-HELP-SOS- HAD-DUPE-PASSWORD Basic realm=" Default Name:admin Password:1234 "

Вивисекция: анатомия ботнета из маршрутизаторов

Recommandé

Recommandé

Contenu connexe

Similaire à Вивисекция: анатомия ботнета из маршрутизаторов

Similaire à Вивисекция: анатомия ботнета из маршрутизаторов (20)

Plus de Positive Hack Days

Plus de Positive Hack Days (20)

Dernier

Dernier (20)

Вивисекция: анатомия ботнета из маршрутизаторов