Learn all about the new data classification capabilities built into Azure SQL Database. Data Classification enables discovering, classifying, labeling & protecting the sensitive data in your databases.

Examples of sensitive data include business, financial, healthcare, personally identifiable data (PII). Discovering and classifying your most sensitive data can play a pivotal role in your organizational information protection stature.

Data discovery & classification is part of the Advanced Data Security (ADS) offering, which is a unified package for advanced SQL security capabilities.

Find out more about Advanced Data Security at: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-advanced-data-security?WT.mc_id=dataexposed-c9-niner-fw .

Microsoft Research just posted this video on adversarial machine learning.

As ML is being used for increasingly security sensitive applications and is trained in increasingly unreliable data, the ability for learning algorithms to tolerate worst-case noise has become more and more important.

The reliability of machine learning systems in the presence of adversarial noise has become a major field of study in recent years.

In this talk, I’ll survey a number of recent results in this area, both theoretical and more applied. We will survey recent advances in robust statistics, data poisoning, and adversarial examples for neural networks. The overarching goal is to give provably robust algorithms for these problems, which still perform well in practice.

Talk slides: https://www.microsoft.com/en-us/research/uploads/prod/2019/11/Adversarial-Machine-Learning-SLIDES.pdf

Siraj Raval shows off examples of machine learning apps from his students.

If you’re wondering about my stance on the recent controversies around Siraj, I recorded a Data Point about that.

Machine Learning powers almost every internet service we use these days, but it’s rare to find a full pipeline example of machine learning being deployed in a web app. In this episode, I’d like to present 5 full-stack machine learning demos submitted as midterm projects from the students of my current course. The midterm assignment was to create a paid machine learning web app, and after receiving countless incredible submissions, I’ve decided to share my favorite 5 publicly. I was surprised by how many students in the course had never coded before and to see them building a full-stack web app in a few weeks was a very fulfilling experience. Use these examples as a template to help you ideate on potential business ideas to make a positive impact in the world using machine learning. And if you’d like, be sure to reach out and support each of the students I’ve demoed here today in any way can you offer. They’ve been working their butts off. Enjoy!

Presentation notebook: https://colab.research.google.com/drive/1m5aLHPnwIhVX8zgMvZUtK4iG9xSaMbk8

freeCodeCamp.org has posted a full 14 hour network penetration testing/ethical hacking in this full tutorial course for beginners.

This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field.

Throughout the course, you will develop your own Active Directory lab in Windows, make it vulnerable, hack it, and patch it. We’ll cover the red and blue sides. We’ll also cover some of the boring stuff like report writing :).

This course was originally live streamed weekly on Twitch and built from lessons learned in the previous week.

GitHub repo (for homework):
https://github.com/hmaverickadams/Beginner-Network-Pentesting

Course created by The Cyber Mentor.

Check out his YouTube channel:
https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw

Course Contents

  • (0:00) – Course Introduction/whoami
  • (6:12) – Part 1: Introduction, Notekeeping, and Introductory Linux
  • (1:43:45) – Part 2: Python 101
  • (3:10:05) – Part 3: Python 102 (Building a Terrible Port Scanner)
  • (4:23:14) – Part 4: Passive OSINT
  • (5:41:41) – Part 5: Scanning Tools & Tactics
  • (6:56:42) – Part 6: Enumeration
  • (8:31:22) – Part 7: Exploitation, Shells, and Some Credential Stuffing
  • (9:57:15) – Part 8: Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
  • (11:13:20) – Part 9: NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
  • (12:40:46) – Part 10: MS17-010, GPP/cPasswords, and Kerberoasting
  • (13:32:33) – Part 11: File Transfers, Pivoting, Report Writing, and Career Advice

Siraj Raval just posted this video on defending AI against adversarial attacks

Machine Learning technology isn’t perfect, it’s vulnerable to many different types of attacks! In this episode, I’ll explain 2 common types of attacks and 2 common types of defenses using various code demos from across the Web. There’s some really dope mathematics involved with adversarial attacks, and it was a lot of fun reading about the ‘cat and mouse’ game between new attack techniques, followed by new defense techniques. I encourage anyone new to the field who finds this stuff interesting to learn more about it. I definitely plan to. Let’s look into some math, code, and examples. Enjoy!

Slideshow for this video:
https://colab.research.google.com/drive/19N9VWTukXTPUj9eukeie55XIu3HKR5TT

Demo project:
https://github.com/jaxball/advis.js

 

Recently, the tech press is full of stories about “a new ransomware strain” called GermanWiper, that has hit German businesses hard in the last week.

Rather like a typical ransomware attack vector, GermanWiper, arrives in your inbox in the form of an email.

Worse yet, it’s not ransomware. Ransomware at least provides a slim glimer of hope of getting your data back.

GermanWiper, rather like a typical ransomware attack, arrives in your inbox in the form of an email. In this case samples have been seen purporting to be a job application from a person called Lena Kretschmer.

Sarah Young joins Scott Hanselman to discuss Azure Sentinel, which is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.