Best Evrone Podcasts (2024)

1
Дмитрий Шевченко [Surf] / PWA на Flutter из мобильного приложения 20:02

1+ y ago20:02

20:02

Доклад посвящен одной из злободневной теме, мы постараемся ответить на вопрос, как защитить мобильное приложение от удаления из сторов? В рамках доклада мы рассмотрим подход при котором мобильное приложение на Flutter без проблем можно запустить в вебе в режиме PWABy From Evrone with love

1
Андрей Хайлов [Evrone] / Многозадачность и многопоточность во Flutter 11:05

1+ y ago11:05

11:05

Dart — однопоточный а Flutter использует Dart. Тяжелые синхронные операции, работа с сетевыми запросами, конвертация данных. Все это отнимает драгоценное время на отрисовку интерфейса и следовательно влияет на производительность и частоту кадров. В докладе будет изложены основные принципы разделения сложных вычислений и вынесение их из главного пот…

1
Александр Шерман [Самокат] / Ruby под нагрузкой, или меняем Puma на Falcon за неделю до релиза 14:27

1+ y ago14:27

14:27

Про Ruby редко говорят в контексте высоких нагрузок. C приходом всинхронных файберов в 3-й версии языка все поменялось, и самые смелые разработчики уже пробуют повторить успех FastAPI и Go в построении асинхронных систем с высоким RPS. Александр из "Самоката" расскажет про их смелые эксперименты, поделится цифрами и результатами.…

1
Марсель Мустафин [UScreen] / Как мы еще не перешли с Vue.js на Hotwire 15:23

1+ y ago15:23

15:23

Hotwire было представлено вместе с 7-ми рельсами менее года назад, и мало кто уже попробовал технологию в проде. В UScreen - попробовали! Марсель расскажет, как много лет в компании искали устраивающий их стек фронтенд технологий, чем не утраивали существующие и почему так "зашел" Hotwire.By From Evrone with love

1
Дмитрий Матвеев [Поток.Диджитал] / Node.js for ruby developer - личный опыт 16:18

1+ y ago16:18

16:18

Есть легенда, что рубисты - фуллстеки и любой рубист может писать на JavaScript не только фронтенд, но и бэкенд. Подключайтесь к докладу Дмитрия Матвеева, который расскажет как это бывает: когда рубистам достается код на Node.js и надо что-то делать.By From Evrone with love

1
Александр Панасюк [СберМаркет] / Чиним отставание реплик, не меняя архитектуру ruby монолита 15:38

1+ y ago15:38

15:38

Хайлоад чаще всего приходит к нам, чтобы полакомиться базой данных. Но у нас есть ответы! Кеширование, денормализация, шардирование, реплици - каждый со своими достоинствами и недостатками. Александр из СберМаркета расскажет об одном из недостатков репликации: реплики могут отставать, и это не всегда можно игнорировать. Про некоторые способы борьбы…

1
Анвар Туйкин и Михаил Поспелов [Toptal] / Сказ о неработающих гайдлайнах: Toptal, GraphQL и линтеры 16:22

1+ y ago16:22

16:22

Toptal это огромный монолит на Ruby: сотни разработчиков и миллионы написанных строк кода. Мы используем GraphQL, которого при таких масштабах тоже немало: больше 20 схем. Чтобы раз за разом не повторять типовых ошибок и писать похожий код, мы разработали правила "готовки" для GraphQL внутри компании. Но правила не работают сами по себе, поэтому в …

1
Евгений Демин [Toptal] / ActiveRecord Schema Consistency - а если проверю? 11:49

1+ y ago11:49

11:49

Однажды Евгению из Toptal надоело находить ошибки неконсистентности между ActiveRecord и базой данных. Он сделал линтер, натравил его на всю кодовую базу и... Что было дальше он расскажет в новом эпизоде нашего подкаста.By From Evrone with love

1
Сергей Плешанов [Домклик] / Готовим крафтовые API-клиенты без головной боли 16:07

1+ y ago16:07

16:07

Генерация API клиентов - отдельное искусство. Множество подходов и решений без явного лучшего способа для всех. Сергей из Домлик расскажет про их собственный генератор, который разделяет код гемов на "сгенерированный", "общий для всех" и "написанный вручную для конкретного сервиса".By From Evrone with love

1
Дмитрий Клейменов [Evrone] / 3 попытки и 8 лет перехода с Ruby на Elixir 14:19

1+ y ago14:19

14:19

Elixir для рубистов - возможность создавать быстрые микросервисы "почти на руби". Но так ли легко освоить стек, уходящий своими корнями в не самый дружественный для программиста Erlang? Дмитрий из Evrone расскажет про свой путь в мир эликсира и что поджидает всех тех, кто хочет запилить очередной микросервис не на гошечке, а на чем-то более удобном…

1
Егор Шморгун [Level Travel] / Чем dry-rb (не) полезен мне 17:27

1+ y ago17:27

17:27

Каждый год на RubyRussia собирается больше тысячи рубистов. Зачем? Чтобы поговорить про разработку! Спикеры помогают направить обсуждение в выбранные темы, одна из которых - dry-rb. Егор из Level Travel расскажет, что лично ему нравится и не нравится в этом "швейцарском ноже паттернов" и вместе с вами обсудит границы применимости dry в наших проект…

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

16+ y ago1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

16+ y ago1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

16+ y ago1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

16+ y ago1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
Jon Callas: Traffic Analysis -- The Most Powerful and Least Understood Attack Methods 51:51

18+ y ago51:51

51:51

Traffic analysis is gathering information about parties not by analyzing the content of their communications, but through the metadata of those communications. It is not a single technique, but a family of techniques that are powerful and hard to defend against. Traffic analysis is also one of the least studied and least well understood techniques …

1
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web 55:14

18+ y ago55:14

55:14

Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at: Slirpie: VPN'ing into Protected Networks Wit…

1
Krishna Kurapati: Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones 1:10:32

18+ y ago1:10:32

1:10:32

Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower costs, improved connectivity and a rich set of converged services utilizing protocols like SIP. Among several other VoIP products and services, Sipera VIPER Lab conducted vulnerability assessment on a sample group of dual-mode/Wi-Fi phones and …

1
Mikko Hypponen: Status of Cell Phone Malware in 2007 1:08:35

18+ y ago1:08:35

1:08:35

First real viruses infecting mobile phones were found during late 2004. Since then, hundreds of different viruses have been found, most of them targeting smartphones running the Symbian operating system. Mobile phone viruses use new spreading vectors such as Multimedia messages and Bluetooth. Why is this mostly a Symbian problem? Why hasn't Windows…

1
Greg Hoglund: Active Reversing: The Next Generation of Reverse Engineering 1:06:23

18+ y ago1:06:23

1:06:23

Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions and attempting to predict or deduce what the original 'c' code was supposed to look like. This process is difficult, time consuming, and expensive, but it doesn't need to be. Software programs can be made to reverse engineer themselves. Software, …

1
Dr. Neal Krawetz: A Picture's Worth... 48:37

18+ y ago48:37

48:37

Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it compute…

1
Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys) 1:13:07

18+ y ago1:13:07

1:13:07

RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...By feedback@blackhat.com (Black Hat RSS Feed)

1
Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online 1:02:26

18+ y ago1:02:26

1:02:26

Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this pres…

1
David Litchfield: Database Forensics 1:03:44

18+ y ago1:03:44

1:03:44

Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credits card details stolen - the largest known breach so far. In 2006 there were…

1
John Heasman: Hacking the extensible Firmware Interface 52:09

18+ y ago52:09

52:09

Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, Windows XP, and even Vista, are stuck in the 1980s with old-fashioned BIOS. But with Boot Camp, the Mac can operate smoothly in both centuries." - Quote taken from http://www.apple.com/macosx/bootcamp/ The Extensible Firmware Interface (EFI) has long been tou…

1
David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker?s Handbook: What Your Security Vendor Doesn?t Want You to Know . 50:31

18+ y ago50:31

50:31

Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren?t fading away like predicted. What?s a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that?s why they?re hackers instead of productive members of society. They want to fin…

1
Haroon Meer & Marco Slaviero: It's all about the timing 1:13:22

18+ y ago1:13:22

1:13:22

It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are …

1
Luis Miras: Other Wireless: New ways of being Pwned 1:02:59

18+ y ago1:02:59

1:02:59

There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as…

1
Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript 1:00:18

18+ y ago1:00:18

1:00:18

The web browser is ever increasing in its importance to many organizations. Far from its origin as an application for fetching and rendering HTML, today?s web browser offers an expansive attack surface to exploit. All the major browsers now include full-featured runtime engines for a variety of interpreted scripting languages, including the popular…

1
Jim Christy: Meet the Feds 1:13:48

18+ y ago1:13:48

1:13:48

Discussion of the power of Digital Forensics today and the real-world challenges. Also discuss the Defense Cyber Crime Center (DC3) and the triad of organizations that comprise DC3; The Defense Computer Forensics Lab, the Defense Cyber Crime Institute, and the Defense Cyber Investigations Training Academy. The evolving discipline of cyber crime inv…

1
Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community 46:15

18+ y ago46:15

46:15

The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Depart…

1
Bruce Schneier: KEYNOTE: The Psychology of Security 49:21

18+ y ago49:21

49:21

Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why s…

1
Pedram Amini & Aaron Portnoy: Fuzzing Sucks! (or Fuzz it Like you Mean it!) 1:13:03

18+ y ago1:13:03

1:13:03

Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be desired by way of automation. Perhaps the reason for this is that even the most rudimentary fuzzers are surprisingly effective. None the less, if you are serious about fuzz testing in as much a scientific process as possible than you have no doubt been disapp…

1
Brandon Baker: Kick Ass Hypervisoring: Windows Server Virtualization 59:03

18+ y ago59:03

59:03

Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server Virtualization, a component of Windows Server 2008, will introduce new virtualization capabilities to the Windows operating system. This talk will focus on security model of the system, with emphasis on design choices and deployment con…

1
Rohyt Belani & Keith Jones: Smoke 'em Out! 1:20:42

18+ y ago1:20:42

1:20:42

Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we will discuss the challenges faced by digital investigators in solving electronic crime committed by knowledgeable insiders. These challenges will be presented in light of three real world investigations conducted by the presenters. The focus of this talk will on …

1
Yoriy Bolygin: Remote and Local Exploitation of Network Drivers 1:14:40

18+ y ago1:14:40

1:14:40

During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel. This work describes the process behi…

1
Jamie Butler & Kris Kendall: Blackout: What Really Happened... 1:10:25

18+ y ago1:10:25

1:10:25

Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart the efforts of human analysts, and make traditional memory forensics ineffective. Often a forensic examiner or incident response analyst may not know the weaknesses of the tools they are using or the advantage the attacker has ov…

1
David Byrne: Intranet Invasion With Anti-DNS Pinning 53:54

18+ y ago53:54

53:54

Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new threat that, while not well understood by most security professionals, is far from theoretical. This presentation will focus on a live demonstration of an…

1
Stephan Chenette & Moti Joseph: Defeating Web Browser Heap Spray Attacks 35:27

18+ y ago35:27

35:27

In 2007 black hat Europe a talk was given titled: "Heap Feng Shui in JavaScript" That presentation introduced a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allowed an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities w…

1
Brian Chess, Jacob West, Sean Fay & Toshinari Kureha: Iron Chef Blackhat 57:41

18+ y ago57:41

57:41

Get ready for the code to fly as two masters compete to discover as many security vulnerabilities in a single application as possible. In the spirit of the Food Network?s cult favorite show, Iron Chef, our Chairman will reveal the surprise ingredient (the code), and then let the challenger and the ?Iron Hacker? face off in a frenetic security battl…

1
Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies 1:13:44

18+ y ago1:13:44

1:13:44

The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are complicated, there isn?t necessarily any precedent, and what rules there are may be in flux. In this presentation, I will use Cisco and ISS's lawsuit against…

1
David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget 1:07:57

18+ y ago1:07:57

1:07:57

Software companies inevitably produce insecure code. In 2006 alone, CERT has recognized over 8,000 published vulnerabilities in applications. Attackers were previously occupied by the weaker operating systems and have moved on to easier targets: applications. What makes this situation worse, is the weaponization of these exploits and the business d…

1
Job De Haas: Side Channel Attacks (DPA) and Countermeasures for Embedded Systems 1:19:23

18+ y ago1:19:23

1:19:23

For 10 years Side Channel Analysis and its related attacks have been the primary focus in the field of smart cards. These cryptographic devices are built with the primary objective to resist tampering and guard secrets. Embedded systems in general have a much lower security profile. This talk explores the use and impact of Side Channel Analysis on …

1
Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing 40:05

18+ y ago40:05

40:05

Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pools of sessions to actively learn the interface protocol. We call this activity grey-box fuzzing. We intend to show that, when applicable, grey-box fuzzing…

1
Barrie Dempster: VOIP Security 44:32

18+ y ago44:32

44:32

As VoIP products and services increase in popularity and as the "convergence" buzzword is used as the major selling point, it's time that the impact of such convergence and other VoIP security issues underwent a thorough security review. This presentation will discuss the current issues in VoIP security, explain why the current focus is slightly wr…

1
Roger Dingledine: TOR 1:10:32

18+ y ago1:10:32

1:10:32

Tor project, an anonymous communication system for the Internet that has been funded by both the US Navy and the Electronic Frontier Foundation.By feedback@blackhat.com (Black Hat RSS Feed)

1
Mark Dowd, John Mcdonald & Neel Mehta: Breaking C++ Applications 1:15:15

18+ y ago1:15:15

1:15:15

This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types of vulnerabilities that can exist in C++ applications. It will examine not only the base language, but also covers APIs and auxillary functionality provided by common platforms, primarily the contemporary Windows OSs. The topics that wi…

1
Joel Eriksson & Panel: Kernel Wars 1:13:34

18+ y ago1:13:34

1:13:34

Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit developers, it still all boils down to ""creative debugging"" and knowledge about the target in question. This talk intends to demystify kernel-mode expl…

1
Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques 47:13

18+ y ago47:13

47:13

Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this common perspective the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in several popular open-source applications including mod_auth_kerb (Apache Kerberos Authentication), Sam…

1
Kevvie Fowler: SQL Server Database Forensics 1:04:22

18+ y ago1:04:22

1:04:22

Databases are the single most valuable asset a business owns. Databases store and process critical healthcare, financial and corporate data, yet businesses place very little focus on securing and logging the underlying database transactions. As well, in an effort to trim costs, many organizations are consolidating several databases on to single mis…

Podcasts Worth a Listen

Evrone Podcasts

Podcasts Worth a Listen

Quick Reference Guide