[CB19] Recent APT attack on crypto exchange employees by Heungsoo Kang - CODE BLUE
In this talk, I plan to present an overview of the recent APT attacks against employees of cryptocurrency exchanges. Attackers took extra care with their social engineering skills while also using advanced malware and two 0-day exploits. This talk will give an overview of the attack. It will explain what kind of social engineering tricks they used to deceive even skilled programmers, where they hacked into a famous university's student/staff account to abuse their infrastructure for the social engineering. It will also include what kind of preparation was necessary for the attackers to plot this attack, how normal it looked to the victim, what tricks they used to avoid detection by the security team, the security team's capabilities/limitations, and how we should protect our assets from these kinds of attacks. And also, a brief analysis of the backdoors used.
Cloud computing & energy efficiency using cloud to decrease the energy use in... - Puru Agrawal
Cloud can be used to decrease the energy use in large companies. This presentation deals with a model which explains how cloud can be used to decrease energy use. This is a field related to green computing and minimum use of energy resources.
This document discusses cloud security and provides an overview of McAfee's cloud security program. It begins with definitions of cloud computing and cloud security. It then analyzes the growth of the global cloud security market from 2012-2014. Next, it discusses McAfee's cloud security offerings, strengths, weaknesses, opportunities, threats and competitors in the cloud security space. It also provides details on some of McAfee's major customers. Finally, it discusses Netflix's move to the cloud and its cloud security strategy.
This presentation aims to teach the concept of SQL Injection and illustrate in practical examples how such an attack can damage a system.
Examples in Python
An ACE in the Hole - Stealthy Host Persistence via Security Descriptors - Will Schroeder
The document discusses stealthy host persistence techniques using security descriptors. It begins with an introduction to the authors and their research focusing on offensive applications of securable objects. It then provides an overview of securable objects, access control lists, and the authors' methodology for researching new persistence primitives using various securable objects like the Service Control Manager, WinRM, DCOM, WMI namespaces, printers, and the remote registry. Case studies and demonstrations are presented for some of these objects.
This document summarizes research on visual cryptography for encrypting images. It discusses how visual cryptography works by encrypting a secret image into multiple shares such that only combining a sufficient number of shares reveals the secret image. Early schemes worked for binary and grayscale images, while later work extended this to color images. Color images can be encrypted by expanding each pixel into small color subpixels and distributing the color combinations across shares. These schemes allow for encryption and decryption with little computation and without requiring secret keys.
Conventional Encryption, also known as symmetric encryption, uses the same key for both encryption and decryption. It has the following properties:
- The sender encrypts the plaintext using a secret key known to both sender and receiver.
- The encrypted data called ciphertext is transmitted to the receiver.
- The receiver decrypts the ciphertext using the same secret key to retrieve the original plaintext.
- It is a fast and simple encryption technique as it uses a single key. However, secure key distribution between communicating parties is a challenge.
- The encryption and decryption algorithms are reversible i.e. decrypting the ciphertext using the secret key reproduces the original plaintext.
- Popular symmetric encryption algorithms are AES
Cryptography: a mathematical science for performing operations on an intelligible text in order to ensure one or more properties of information security.
SECRY - Secure file storage on cloud using hybrid cryptography - ALIN BABU
Final project presentation of Final year B.tech CSE Project APJ Abdul Kalam Technological University.
About the project
Cloud computing has now become a major trend; it is a new data hosting technology that has been very popular in recent years. In this project, we are developing a web application that can securely store files on a cloud server. We propose a system that uses a hybrid cryptography technique to securely store the data in the cloud. The hybrid approach, when deployed in a cloud environment, makes the remote server more secure and thus helps the users to fetch more trust of their data in the cloud. For data security and privacy protection issues, the fundamental challenge of separation of sensitive data and access control is fulfilled. The cryptography technique translates original data into an unreadable format. This technique uses keys to translate data into unreadable form, so only an authorized person can access data from the cloud server.
We provide a cloud storage that uses multiple cryptographic techniques, which is known as hybrid cryptography. The product provides confidentiality by using security for both upload and download. The data will be secured since we use multi-level security techniques and multiple servers for storage.
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the Elliptic Curve Cryptography and the basis of elliptic curve arithmetics.
This document provides an overview of information security and cryptography. It discusses objectives of security like avoiding data threats. It also covers topics like password auditing, data security, authentication, encryption, decryption, public and private key cryptography, digital signatures, and the RSA algorithm. It demonstrates an example of encrypting a message using RSA and decrypting the cipher text. The conclusion emphasizes the importance of information security.
Attribute Based Encryption with Privacy Preserving In Clouds Swathi Rampur
This is a ppt made by shrihari, in this encryption with privacy preserving in clouds is described!
It will be helpful for those who are doing projects on cloud!
This document provides an introduction to cryptography. It discusses the basic terms, notations, and structures of cryptography including private and public key cryptography examples. It also discusses modern secret key ciphers, encryption, attacks on ciphers, and the design of private key ciphers. The document contains examples of the Caesar cipher and a toy example of private and public key cryptography. It outlines principles of private key encryption and applications of modern cryptography.
Visual cryptography is a cryptographic technique that allows visual information like images and text to be encrypted in a way that decryption does not require a computer and is instead a mechanical operation performed by the human visual system. It was pioneered in 1994 by Moni Naor and Adi Shamir. The technique works by breaking an image into shares such that individual shares reveal no information about the original image but combining the shares allows the image to be revealed. For example, in a 2 out of 2 visual cryptography scheme each pixel is broken into 4 subpixels distributed randomly across 2 shares such that stacking the shares recovers the original pixel value. Visual cryptography finds applications in secure identification and communication.
This document provides an overview of cryptography. It begins with background information, defining cryptography as using mathematics to encrypt and decrypt data to enable secure transmission. The main purposes of cryptography are then outlined as authentication, privacy/confidentiality, integrity, and non-repudiation. The methodology section describes symmetric and asymmetric encryption methods. Symmetric encryption uses the same key for encryption and decryption while asymmetric uses mathematically related public/private key pairs. Specific symmetric algorithms like block and stream ciphers are then defined along with concepts like padding schemes. The document concludes with sections on key exchange and digital signatures, which enable practical uses of cryptography.
This document discusses digital signatures and how they provide security services like secrecy, authentication, non-repudiation and integrity. It explains that digital signatures use asymmetric cryptography with a private key for signing and a public key for verification. The digital signature is created by hashing the message and signing it with the private key. When received, the message hash is verified using the public key to authenticate that the signature was created by the private key owner and that the message has not been altered. Digital signatures thus authenticate messages and ensure non-repudiation by binding the signer to the message in a way that can be verified.
This document provides an overview of steganography, which is the practice of hiding secret information within other non-secret digital files like images, audio, or video. The document discusses the history of steganography from ancient times using techniques like hidden tattoos or wax tablets, to its modern uses with digital files and tools. Advantages include secrecy between sender and receiver, while disadvantages include potential use by terrorists. The document contrasts steganography with cryptography, noting that steganography hides the existence of secret messages within other files, while cryptography encrypts messages but does not hide their existence.
Introduction to Public Key Infrastructure - Theo Gravity
Adonis Fung and I worked on a project where we defined and built PKI (Public Key Infrastructure) for our local development and deployed environments. I gave a talk to our engineers on how PKI works, covering encryption, signing, trust stores, and how the HTTPS handshake works.
This document discusses security issues related to cloud computing. It defines cloud computing and outlines the essential characteristics, service models, and deployment models. It also addresses key security concerns including governance, legal issues, compliance, information lifecycle management, and risks associated with loss of control over data and applications in the cloud. The document emphasizes that security responsibilities are shared between cloud providers and users, and both parties need to understand their roles.
Introduction to Public key Cryptosystems with block diagrams
Reference: Cryptography and Network Security: Principles and Practice, Sixth Edition, William Stallings
Visual Cryptography is a quite new but very innovative idea. This presentation will introduce its concept and technique. At the end it has some references that will help the user.
Confidential Computing provides comprehensive protection for sensitive data by performing computation within hardware-based Trusted Execution Environments. This prevents unauthorized access to applications and data in use, increasing security assurances for regulated industries. IBM offers a portfolio of Confidential Computing services spanning on-premises and cloud options, including confidential virtual servers, databases, containers, and cryptography. These services allow customers to benefit from cloud capabilities while maintaining strict control and privacy of sensitive data.
This document provides an overview of Python cryptography and security topics including cryptography concepts like hashing, symmetric and asymmetric encryption, digital signatures, and Python libraries for working with cryptography like PyCrypto and Cryptography. It also discusses Django security best practices like using HTTPS, securing cookies and passwords, and access control.
A digital signature allows one to verify the identity of the sender of a message and that the message content has not been altered. It involves a key generation algorithm that produces a private key and public key pair. The signing algorithm uses the private key to generate a signature for a message. The signature verification algorithm uses the public key to verify the signature and authenticity of the message. Digital signatures provide security as long as the private key remains confidential to the owner.
Presentation of Semlex, a company specializing since 1992 in the development and deployment of biometric identification systems and the production of highly secure biometric identity documents.
The Case of the Agricultural Census in Côte d'Ivoire: Use of technology... - ExternalEvents
The Case of the Agricultural Census in Côte d'Ivoire: Use of technology for capturing and compiling data in the field and the implications for managing field data collection
Enova Paris 2016 conference: the industry of the future, what place for the IoT? - Brice Nadin
Enova Paris 2016 conference, held on 14 September 2016 during a conference organized by Cap'Tronic (Ministry of Industry) at the Enova 2016 trade show dedicated to the IoT and Industry 4.0.
Discover current and future needs, as well as the opportunities linked to "Track & Trace" solutions in the world of Supply Chain / Transport.
Financial and banking transactions in e-administration & e-go... - Abdoulaye Kanté
4 Sharing of experiences
SENEGAL: Online tax declaration & payment
SENEGAL: Online declaration & payment of customs duties
ORANGE: the virtual wallet at the service of the general public
METZ / FRANCE: NFC payment solution set up by the city of Metz (France) for managing public parking
Connected objects and Data Science: what marketing uses?
Connected objects are causing a veritable flood of data. Machine Learning and Data Science techniques combined with Big Data technologies make it possible to turn this data into actionable knowledge to improve the user experience, product quality or process efficiency. What data comes back from the IoT? Which techniques make it possible to extract useful knowledge from it? How can this knowledge create value?
Whether in health, home automation, vehicles or distribution networks, the number of connected objects is growing exponentially. At the same time, technological innovations are helping to increase the frequency and quantity of information that is captured and usable.
The services that each connected object provides to its user rely on the data collected and its analysis. But the accumulation of data made possible by Big Data technologies and the analytical power offered by Deep Machine Learning and Data Science techniques open new horizons for the marketing use of IoT data: usage-based insurance premiums, forecasts of fresh-product sales or energy consumption, anticipation of checkout queues, yield management and dynamic pricing, ...
This forward-looking seminar aims to present, through a few examples, the data, technologies and techniques underlying the analysis of massive data produced by connected objects, as well as advice on the practicalities of implementation.
Local authorities in the age of connected objects - Qowisio - Les Interconnectés
Workshop on the new prospects for local authorities regarding connected objects
Talk by Nathalie Guillot, E-Deal, and David Rousseau of Qowisio
IGC Santé migration: impacts for services that use CPS cards
Presentation by David Decroix as part of the National Day of Industrialists - 21 December 2017 - Centre d'affaires Paris Victoire
Gemadec is a Moroccan technology company founded in 1977 with over 60 employees specializing in document digitalization, hybrid mail and printing, and identification security and biometrics. It has a subsidiary in Senegal and serves over 20 countries in Africa and Europe. Gemadec has shifted from primarily selling equipment to providing more engineering and services, and has expanded its certification, partnerships, and international presence over the last several decades.
1. Implementation of a census and attendance-control system based on a biometric fingerprint-acquisition technology
Oct-17