Videos in category Andre

  • FSCONS 2017 - Karl Trygve Kalleberg - Taking back control of the software running on your hardware (0:43:49)
  • NUUG
  • Open technology is a fantastically appealing dream. Here in the real world, however, many of us struggle to get by with the increasingly closed platforms that define our digital life. In this talk, we discuss how to combat closed technology with open technology, through the supernerdy activity of reverse engineering. Reverse engineering is just a fancy name for taking things apart to understand how they work. We demonstrate how this can be done to closed-source software running on various different platforms. As part of our demonstration, we cover a handful of topics relevant for the intrepid hacktivist who wants to survive in the age of gated communities: * investigative capabilities available on closed mobile platforms (focus on Android and iOS) * trends in application sandboxing and digital rights management * gotchas of interoperating with proprietary protocols. We’ll approach these topics through a series of adventures on the console, alongside our favourite traveling companion: Frida. She’s an awesome (libre!) tool for injecting JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX. The examples throughout the talk may be somewhat technical, but taken from everyday examples most of the audience should be able to relate to. Even if programming and reverse engineering is not your thing, you still risk learning something by showing up. Recorded for FSCONS by NUUG.
  • When exploits are blind - Chris Dale (0:49:11)
  • NUUG
  • Demonstration-based presentation. Only intro and outro PowerPoint slides. Demonstrate user enumeration using timing attacks. Especially prominent when companies have implemented bcrypt/scrypt/PBKDF2. Attack vector which is very useful in many cases today, notably against Lync/Skype4B installations today. Further password spray into a solution. Discover, analyze and fully exploit reverse-shell command injection. How to find these across large systems? How do vulnerability scanners work, and how do they detect this? Introduction to Burp Collaborator. Introduction to script for merging attack data into hundreds of Burp Collaborators. Discover, analyze and fully exploit blind SQL Injection. Demonstrating Burp Intruder cluster bomb attack to enumerate out table data. Recorded at the OWASP Norway Day by NUUG.
  • Modern Web Application Vulnerabilities - Erlend Oftedal (0:44:04)
  • NUUG
  • With the emerging popularity of bug bounty programs, lesser known and even brand new vulnerability classes are gaining popularity. This talk will give a walk-through of some of these vulnerabilities, how they occur in modern web applications and how they can be found and fixed. Recorded at the OWASP Norway Day by NUUG.
  • The State of Your Supply Chain - Andrew Martin (1:03:21)
  • NUUG
  • Container security often focuses on runtime best-practices whilst neglecting delivery of the software in the supply chain. Application, library, and OS vulnerabilities are a likely route to data exfiltration, and emerging technologies in the container ecosystem offer a new opportunity to mitigate this risk. Treating containers as immutable artefacts and injecting configuration allows us to "upgrade" images by rebuilding and shipping whole software bundles, avoiding configuration drift and state inconsistencies. This makes it possible to constantly patch software, and to easily enforce governance of artefacts both pre- and post-deployment. In this talk we detail an ideal, security-hardened container supply chain, describe the current state of the ecosystem, and dig into specific tools. Grafeas, Kritis, in-toto, Clair, Micro Scanner, TUF, and Notary are covered, and we demo how to gate container image pipelines and deployments on cryptographically verified supply chain metadata. Recorded at the OWASP Norway Day by NUUG.
  • Linux Security APIs and the Chromium Sandbox - Patricia Aas (0:53:47)
  • NUUG
  • The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk. Recorded at the OWASP Norway Day by NUUG.
  • What We’ve Learned From Billions of Security Reports - Scott Helme (0:59:29)
  • NUUG
  • Running one of the largest security reporting platforms of its kind, we handle billions of security reports for our customers every single month. Come and learn how we've scaled from handling 10,000 reports per month to 10,000 reports per second and the many evolutions our infrastructure has gone through. Alongside that come and see how, with our bird’s-eye view of such a diverse ecosystem, we’ve helped identify malware in a multinational organisation, had a malicious browser plugin taken down and much more! Recorded at the OWASP Norway Day by NUUG.
  • Vincent Ambo - Where does YOUR compiler come from (0:49:54)
  • NUUG
  • Many people are familiar with the problems around the lack of trust in proprietary hardware components and their firmware. Similar issues do however exist on the software side of things, especially when it comes to how we bootstrap compilers for the ubiquitous C-language. This talk will present an overview of how these processes work in modern Linux distributions, which issues we have and what the implications are. We'll also do a brief dive into related topics, such as repeatable build environments and reproducibility. If you're not already aware of these issues, hopefully this talk will leave you with a newfound sense of paranoia and some pointers towards things that YOU can do to improve the situation.
  • TED - Jeremy Heimans: What new power looks like (0:15:13)
  • NUUG
  • We can see the power of distributed, crowd-sourced business models every day — witness Uber, Kickstarter, Airbnb. But veteran online activist Jeremy Heimans asks: When does that kind of "new power" start to work in politics? His surprising answer: Sooner than you think. It’s a bold argument about the future of politics and power; watch and see if you agree. TED talk downloaded from The Internet Archive.
  • TED - Donald Hoffman: Do we see reality as it is? (0:21:55)
  • NUUG
  • Cognitive scientist Donald Hoffman is trying to answer a big question: Do we experience the world as it really is ... or as we need it to be? In this ever so slightly mind-blowing talk, he ponders how our minds construct reality for us. TED talk downloaded from The Internet Archive.
  • OpenStack and operations in the cloud (1:22:51)
  • NUUG
  • Dag Stenstad from Zetta.IO presents how to get started with operating services in the cloud. In recent years there has been a major upheaval in the global IT industry, in which IT infrastructure is being industrialized and standardized. This lays the foundation for entirely different operations and development models than those used today. Automation of setup and capacity management shifts the focus from operating individual servers to delivering services. Dag is the managing director of Zetta.IO, the first Norwegian provider of Infrastructure as a Service (IaaS) delivered on OpenStack. He has 16 years of experience from the telecom and hosting industry.
  • How to use Frikanalen (0:05:38)
  • Frikanalen
  • This video explains how to use frikanalen.tv. The video also shows how editors can upload video and schedule the TV broadcast at admin.frikanalen.tv
  • Opening of Frikanalen (0:15:39)
  • Digital Video Creation
  • Recording from the live broadcast at Folkets Hus on 8 January. Trond Giske opens the first regular broadcast, along with a breakdance to a string quartet accompanied by a drummer. Produced by young volunteers from The Gathering under the direction of Andreas Aanerud :+)