How to dip your 🦶 into Open Source

Contributing to Open Source projects can be a valuable experience for beginner programmers. It can help you learn new skills, build your portfolio, make connections, make a difference, and gain recognition for your work.

But... how do I start? Well here's an option to get you started ☟

Google's Summer of Code (GSoC) is an online mentorship program that matches beginner contributors to open source software development with mentors from open source projects ❋

GSoC takes place every year mid January with registration to be a contributor usually opening around mid March. Unfortunately for this year (2023) the application deadline is tomorrow シ (April 4)

However! There are so many open source projects available this year so I highly encourage you to try to apply even if its past April 4 you might get lucky 🍀

The key to getting accepted by an org is to interact with their developer community and keep in contact with the orgs mentors. This is why I believe even if they application period has ended if you join the orgs online communication app and involve yourself in the community and keep sharing your skills and expertise with them you will still have a good chance of being able to join!

Best of luck! (づ｡◕‿���◕｡)づ

(even if it doesn't work out this year there will always be the next and the next and the next... I recommend checking out the archive for how the previous years went to better prepare yourself to jump on this opportunity next year!!)

Artfight!!

First time entering art fight(always wanted to but I didnt understand how it worked till recently)!! Gonna be attacking so many fellow x men fans🙏🙏(feel free to send me your profile links)

my profile ->

Open-source software program is software that's made accessible to the general public. Anybody with the right technical expertise can contribute. Programmers can access open-source code, and even no-code people can make a contribution to it. Open-source software program provides anybody the chance to contribute their data. Inexperienced persons in tech desirous to get real-life expertise may contribute to open supply to study and get the publicity they

My friend Marty & his wife went to Canada & sent me pics from the #GSOC It solidified “attend a GSOC” on my bucket list. I have so many outfit options to pick from too! Super proud of the way @teamniklasedin played this past week - they were undefeated up until the final 👏 So happy to see 🐐 @niklasedin back w/ the team although Kevin Martin did say in his latest podcast that Nik’s in a lot of pain 🥺 Funny how Team Edin was not on anyone’s list for the GSOC picks to make playoffs on Inside Curling the previous week but both Kevin Martin & Warren Hansen had Edin to make the final the following week. Even if Nik wasn’t confirmed to play, Oskar, Rasmus & Crippa have proven themselves capable of playing & winning w/o Nik. . . I’m bummed that my #Icevengers didn’t win Team of the Year in the Swedish sports gala - they lost to a table tennis duo who won 2021 Worlds & 2022 European Championships in their discipline. Bruh Worlds & Olympic gold in the same year seems more impressive to me… but maybe Team Edin really aren’t that known or popular in Sweden. Table tennis seams like a more niche sport to me than #curling but that’s partly my bias since I curl & actively look for curling streams & content. I admit, it’s my bias to want to see Team Edin win everything. Glad they are still on top of the Pinty’s Cup leaderboard after reaching the finals yesterday. Here’s to continued success & winning not just another Worlds gold for my birthday but winning more GSOC titles & claiming that Pinty’s Cup at the end of the season 👊💪 . . 🥌💙💛🇸🇪🥌💙💛🇸🇪🥌💙💛🇸🇪 #NiklasEdin #Bionik #GOAT #comeback #OskarEriksson #RasmusWranå #ChristofferSundgren #worldsbestlead #TeamEdin #CurlingMachine #Sweden #EdinForTheWin #athlete #olympian #sports #wintersports #olympicchampion #olympicgoldmedalist #worldchampion #europeanchampion #mcm #mancrushmonday #HardlineNation #IBELIEVEEDINWILLWIN 🥌💙💛🇸🇪🥌💙💛🇸🇪🥌💙💛🇸🇪 . . 📸 Marty Blomgren https://www.instagram.com/p/CngUJF9LU7d/?igshid=NGJjMDIxMWI=

Fujisawa wins Co-op Canadian Open to become first GSOC champion from Asia

History was made at the Co-op Canadian Open as Japan’s Team Satsuki Fujisawa became the first Asian-based club to capture a Pinty’s Grand Slam of Curling title.

Fujisawa fended off five-time Grand Slam champion Kerri Einarson 5-3 during the women’s final Sunday at Encana Arena.

The foursome of Fujisawa, third Chinami Yoshida, second Yumi Suzuki and lead Yurika Yoshida earned $33,000 from the prize purse plus 12 Pinty’s Cup points.

“It was one of our big goals in curling,” Chinami Yoshida said with a smile. “We won two Olympic medals and one world championship medal but we hadn’t advanced to the Grand Slam final. We took maybe seven years but we did it today, so it feels so amazing.”

Calgary’s J.D. Lind has coached them since they made the jump out of juniors a decade ago — “when they were very much just raw talent and developing,” he said — and has seen them climb every step from winning silver at the world championship to bronze and silver medals at the Olympics and now a Grand Slam title.

“This was always something that you dream of doing,” Lind said. “To think that we finally won a Grand Slam, it’s an amazing accomplishment, it’s really tough to do.

“I think when you are a Japanese team and nobody has ever done it before, it’s really difficult to be the first. Even if you know you’re good enough, to be the first is always very difficult because you never fully believe it until it happens. Hopefully, now that we’ve done it we’ll see even more Pacific-Asia teams excel at the Slams.”

Team Fujisawa was on fire all week finishing with a perfect 6-0 win-loss record and shooting 91 per cent as a unit during the final.

“The Grand Slams tournaments are one of the highest competitions in the world, so that’s why it feels so weird that we’re champions right now,” Chinami Yoshida said.

She added: “For all of the Japanese curlers, it’s kind of a dream to be a champion of the Grand Slams but right now, it’s not just a dream, it’s a goal. I hope that not just us but maybe every Japanese team coming to the Grand Slams can compete at this amazing competition together.”

GSOC probe launched into motorbike crash that left young man with serious injuries after Garda chase | In Trend Today

GSOC probe launched into motorbike crash that left young man with serious injuries after Garda chase Read Full Text or Full Article on MAG NEWS

View On WordPress

GSOC probe launched into motorbike crash that left young man with serious injuries after Garda chase | In Trend Today

GSOC probe launched into motorbike crash that left young man with serious injuries after Garda chase Read Full Text or Full Article on MAG NEWS

View On WordPress

Starting now: last stream of the month

...and announcement for the first stream of the new one:

As you can see, we haven't set up a February schedule (yet), but one thing is sure: next Thursday, we'll be using our February @bobaboard slot for a "Google Summer of Code" application exercise!

What is Google Summer of Code?

An annual program where Google gives newcomers to open source development a stipend to work on a project while being closely mentored by the hosting organization.

Is BobaBoard Applying to GSOC?

Probably not! We've been mulling on it for a couple years, but don't yet feel ready for it. We're still within the deadline though :)

So what will you be doing on stream?

Even without applying, the teams feel that the "defining a project ideas list" exercise is a great task to take a swing at! Rather than doing this in a private meeting, we're going to attempt doing it publicly on stream!

See you:

on Thursday February 1st at 3PM PST (for BobaBoard)

Right now for RobinBoob!

OOC: Of thoughts, reflections, and news.

Right then, we'll keep it short and sweet.

Back in 2019, I ended my tenure as a teacher due to mainly poor treatment, lack of a proper wage, and extremely poor management in my district.

December of that year, I ended up picking up a security gig, Graveyard hours, which I never expected to last.

I'm now what, about 4 years and change in at the same job. I've gone from patrol, to GSOC, to Supervisor. Truth is it's still miserable, but it pays the bills.

Doesn't really leave a whole lot of time for anything. But I digress, the point is to keep this short.

In those four years or so, I've lost family, both blood and those I work with. That's life, it's a bitter dram, but we drink it none the less.

That ought to suffice for the reflection, now onto news.

Time permitting, there is a chance I will like as not, convert this page over to something along the line of telling the story of a DnD campaign I'm currently in. If I end up doing this it'll be, in character, and likely in first person.

That's about it. Think of it as therapeutic writing to just allow myself to disassociate from all the crap in the world.

If you like it great, if not meh.

Hoping your all doing well.

-Ith

OSRR: 3697

leo's momma has been really sick for a long time, and this morning she finally succumbed to it.

my heart is with him and his family as they deal with an unimaginable loss.

work was fine today. busy. annoying. but fine.

i did end up working an extra hour today to wait for coverage for the gsoc, but then i was able to go with joel to applebees for dinner. we stopped so i could get gas afterwards too.

we're in bed now. i want cuddles but i do not.

also i just want to sit with leo. just quietly existing in the same space. i want him to know my love and comfort for him are real. i just love them both so much.

september bucket list:

make a comp sci project that solves a problem and use a decent tech stack for the codebase.

participate in 2-3 hackathons and submit a project.

complete webdev course before 5 sept.

eat healthy in lunch and dinner (make smoothies for lunch and chillas for dinner).

extra:

explore gsoc open source repositories and/or raise issue and/or request to solve an issue.

make a project using openai's api keys.

That's all baby gurl, please don't waste the time you don't have 💋!

Let's code n get internship💫!

4 ways to advance your global security operations center - CyberTalk

New Post has been published on https://thedigitalinsider.com/4-ways-to-advance-your-global-security-operations-center-cybertalk/

4 ways to advance your global security operations center - CyberTalk

EXECUTIVE SUMMARY:

If your organization maintains a Global Security Operations Center (GSOC), ensure that you’re not heavily reliant on legacy systems and processes. In this article, find out about how to strategically advance your operations, enabling you to effectively prevent threats and drive more sustainable business outcomes.

What is a global security operations center?

In the early days of computing, a Security Operations Center (SOC) functioned as a physical ‘command center’ for security analysts. SOCs were comprised of rooms where staff sat shoulder-to-shoulder, looking at screens showing details from dozens of different security tools.

Large organizations with multiple Security Operations Centers (SOCs) began to consolidate them into Regional Security Operations Centers (RSOC) or a Global Security Operations Center, leading to faster remediation, reduced risk and a stronger cyber security posture overall.

In terms of function, a global security operations center monitors security, addresses threats before they become disruptive issues, responds to incidents, and liaise with stakeholders.

What are the benefits of a global security operations center?

A global security operations center allows an organization to contend with diverse security threats at-scale. Specific benefits include continuous monitoring, centralized visibility, increased efficiency and reduced costs. A global security operations center can also oversee and coordinate regional SOCs, network operations centers (NOCs) and operational teams.

What makes a good global security operations center?

For any global security operations center, access to timely and relevant threat intelligence is critical. GSOC staff need to remain updated on emerging cyber and physical security threats, as to stay ahead of potential risks.

Highly trained staff who can collaborate effectively with all stakeholders are also invaluable assets for a global security operations center.

Top-tier GSOCs have built-in redundancies of all kinds; from communication to data backups.

All GSOCs need to ensure that their organization adheres to industry regulations and compliance standards.

4 ways to advance your global security operations center

1. Ensure that the cyber security strategy aligns with business objectives. GSOCs need to know what the business aims to achieve, and must understand the corresponding threats and vulnerabilities that could hamper progress. Risk assessments should include both cyber security and business stakeholders, who can assist with the identification of resources that require protection.

Security policies and standards should also meet customer expectations. To gain insight around this, cyber security leaders may wish to join business planning meetings. Attendance can also assist with awareness around any upcoming business changes and implementation of appropriate, corresponding security measures.

2. Global security operations centers should shift towards the zero trust model. Zero trust is designed to reduce cyber security risk by eliminating implicit trust within an organization’s IT infrastructure. It states that a user should only have access and permissions required to fulfill their role.

Implementation of zero trust can be tough, especially if an organization has numerous interconnected and distributed systems. Organizations can simplify zero trust implementation through vendor-based solutions.

Tools like Quantum SASE Private Access allow teams to quickly connect users, sites, clouds and resources with a zero trust network access policy. In under an hour, security teams can apply least privilege to any enterprise resource.

Security gateways also enable organizations to create network segmentation. With detailed visibility into users, groups, applications, machines and connection types, gateways allow security professionals to easily set and enforce a ‘least privileged’ access policy.

3. Advance your global security operations center by mapping to industry standards and detection frameworks. Explore the MITRE ATT&CK framework. Standards like NIST and ISO27001 can also assist with identifying and reconciling gaps in an organization’s existing security systems.

4. Consider deploying a tool like Horizon SOC, which allows organizations to utilize the exact same tools that are used by Check Point Security Research, a leading provider of cyber threat intelligence globally.

Horizon SOC offers 99.9% precision across network, cloud, endpoint, mobile and IoT. Easily deployed as a unified cloud-based platform, it has powerful AI-based features designed to increase security operations efficiency.

Further thoughts

Strategic updates to global security operations centers not only enhance cyber security, they also enrich overarching business resilience – an increasingly common point of discussion among C-level stakeholders and the board.

By implementing the suggestions outlined above, organizations will maximize their opportunities for business longevity and continued business success.

Related resources

My Swedes had 2 playoff games yesterday & won both of them to book their spot in the #GSOC final!!! They won the QF over Team Dropkin 6-2 and ran Team Gushue out of rocks in the SF for the 8-5 win 🙌 *flailing arms & legs* I will FINALLY get to see @teamniklasedin in a featured game. When the Edin v Gushue A qualifier game didn’t get featured I knew my #Icevengers had to get to the final before I could see front-end stones thrown. Still wary that I won’t get to see #worldsbestlead @cr1ppa ‘s rocks since broadcasts tend to go on commercial break & not show lead stones. I need my Swedes to win this GSOC & protect their lead in the Pinty’s Cup leaderboard 🙏🤞 They’re going to win the Pinty’s Cup at the end of the season *I’m manifesting it* . . Commentators and media sure have been amazed at 🐐 @niklasedin ‘s #comeback calling him a medical marvel & the brace he wears magical. His modified slide out of the hack is a clear indication that he is not 100% & he himself have said repeatedly that he still has months of recovery left before his knee is fully bendy again, but you wouldn’t know just by looking at the scores, stats, or Nik himself once he’s out of the hack or skipping in the house. Check out Jonathan Brazeau’s latest recap of yesterday’s game on SN: https://www.sportsnet.ca/curling/article/einarson-reaches-sixth-straight-grand-slam-final-at-co-op-canadian-open/ . . Lycka till 🐐 @niklasedin @oggelit @rasmuswrana @cr1ppa Rooting for you to win another GSOC title in a few hours. LFG! . . 🥌💙💛🇸🇪🥌💙💛🇸🇪🥌💙💛🇸🇪 #NiklasEdin #GOAT #Bionik #OskarEriksson #RasmusWranå #ChristofferSundgren #TeamEdin #Swedish #EdinForTheWin #Sweden #athlete #olympian #OlympicChampion #olympicgoldmedalist #worldchampion #europeanchampion #curling #HardlineNation #GreatestOfAllTime #simplythebest #bestintheworld #bestbackendinhistory #IBELIEVEEDINWILLWIN 🥌💙💛🇸🇪🥌💙💛🇸🇪🥌💙💛🇸🇪 . . 📸 GSOC https://www.instagram.com/p/CncXx2aJId4/?igshid=NGJjMDIxMWI=

Capa Explorer Web: Web-based Program Ability Analysis Tools

Capa Explorer Web

The FLARE team at Mandiant created capa, a reverse engineering tool that automates the capability identification of programs. The capa analysis results can be visualized in an easy-to-use and interactive manner with the help of the capa Explorer Web UI.

What is Capa Explorer Web?

Capa Explorer Web is a web-based tool for investigating the capabilities that capa has found. With the help of this application, you can interactively browse and view capa findings in various ways.

As part of the Google Summer of Code (GSoC) project that the Mandiant FLARE team mentored in 2024, Soufiane Fariss (@s-ff) built this feature.

Context

Capa extracts characteristics from programs by analyzing them with a variety of backends, including Ghidra, CAPE, and IDA Pro. It then determines capabilities by comparing these attributes to expert-written guidelines. When a program’s extracted features satisfy the set of requirements stated in a capability rule, the program matches the rule.

The capa Explorer IDA plugin was the sole tool available for interactively exploring capa rule matches prior to the release of capa Explorer Web. Without IDA Pro, analysts lacked a graphical user interface for quickly reviewing capa results. This was particularly a problem for the examination of dynamic results, a function included in capa v7.0 for determining capabilities from sandbox traces, because of the volume of data.

Introducing capa Explorer Web

Results of a capa analysis can be seen in an easy-to-use and interactive manner using capa Explorer Web. Viewers are able to peruse rule matches and get the rationale for them. Results are searchable, filtered, and sorted by analysts. The interface provides many views, such as a function-centric view for static analysis, a process-tree view for dynamic analysis results, and a table view with rule match details.

Getting started

You can start examining capa results right away by visiting its GitHub website to access capa Explorer Web. You can download an HTML file that is standalone from the website for use offline. It’s an HTML file that can be accessed locally in a browser and functions without an Internet connection, much like CyberChef.

To begin creating a capa result document, simply do the following short steps:

Install the most recent standalone executable version of capa, for example.

Examine a sample, then store the JSON output: capa.exe -j /path/to/file > result.json

Launch Capa Explorer Web and import the JSON results file.

Loading capa Results

You can load capa result documents from local JSON files, including Gzipped files, using capa Explorer Web. Your browser does all of the processing; no data is sent to servers.

Displaying Rule Match Details in the Default Table View

The built-in web user interface (UI) shows recognized program capabilities as a rule match table. Expand, sort, filter, and search rule match details are available to users. This facilitates faster sample triage for analysts. Every rule match’s specific details, including matched characteristics and their addresses, are displayed in the table. Furthermore, users have the ability to examine and refine rule meta data like namespaces, related MITRE ATT&CK methods, and Malware Behavior Catalog (MBC) classifications.Image credit to Google Cloud

The above Figure shows how an analyst can examine a rule match’s specifics using capa Explorer Web. The characteristics that have been detected, together with their program position, can be viewed by expanding the “inject APC” match row. This knowledge can facilitate the process of identifying important behaviors and provide help for further research, such as when looking through sandbox traces, troubleshooting a sample, or decomposing a file.

Below Figure shows how analysts might use the results of capa’s dynamic analysis to find suspicious processes that behave maliciously. As an example, the ostensibly benign process “explorer.exe” is demonstrated to be utilizing the InternetCrackUrl API and passing in potentially harmful URLs as arguments, like hxxps://216.201.159[.]118:443/cHOPH1oQ.php. This notable feature also offers potential network-based signs for additional investigation, hinting at possible process injection.Image credit to Google Cloud

Rule Match Context

Additional explorer capability can be accessed by users by performing a right-click on a match row. This can involve looking at the rule source description, accessing the rule definition on the Capa Rules website, or using VirusTotal to look for samples that have this feature to obtain more comprehensive threat intelligence insights. To perform a VirusTotal lookup, a premium account is needed.

Alternative Views Grouping Functions and Processes

Organized according to their placement within the studied sample, the function and process capability views in capa Explorer Web provide detailed insights into the functionality of the programs. Reverse engineers can rapidly discover functions with key behavior by grouping rule matches by function address in the function capabilities view for static analysis results.

The process capabilities view shows information about Process ID (PID) and Parent Process ID (PPID) for dynamic analysis findings, arranging matches by process in a tree structure. The matching rule matches can be seen by hovering over a process column.

VirusTotal and capa Explorer Web integration

Since January 2023, capa has been incorporated into VirusTotal’s analysis. With its new user interface connection, users may examine capa findings straight from VirusTotal. This eliminates the requirement for you to obtain a sample and use CAPAC to analyze it locally. Open the capa Explorer Web by going to  Behavior > Download Artifacts > Open in CAPA Explorer. Use the Open in CAPA Explorer option next to Capabilities, or open in CAPA Explorer. For now, using this feature necessitates a paid subscription to VirusTotal.

Be aware that not every file has the results of the capa analysis available. Currently, the only executable types that capa supports for analysis are non-corrupted PE,.NET, and ELF x86/x64.

When examining a fresh sample on VirusTotal, an analyst has the option to navigate straight to Capa Explorer Web in order to pinpoint noteworthy areas inside the application. Prioritizing functions for in-depth code study in the chosen reverse engineering tool is made possible by this procedure.

Upcoming Projects

First intend to improve the process tree view mode of capa Explorer Web to better visualize the per-process matching. Furthermore, it is thinking adding extracted Indicators of Compromise (IoCs) for dynamic analysis to new perspectives. This might further improve the triage process by displaying extracted signs such as file locations, URLs, and registry keys.

Read more on govindhtech.com