CONTENTS
|
Automating Attack and Defense Strategies in Cybersecurity Ionuț LATEȘ, Cătălin BOJA 5 Given the ongoing development and variety of cyber threats, there is a growing urgency for a proactive and efficient approach to IT security. This article presents a novel approach to auto-mating cyber security attack and defense techniques by using automated Cyber Range scenario development. In light of the intricate and ever-changing nature of the current cyber context, characterized by the continuous discovery of new vulnerabilities and quick evolution of attacks, it is imperative to establish effective and flexible testing and training methodologies. Therefore, by utilizing specific data such as operating system versions, application versions, and recog-nized vulnerabilities (CVEs), it becomes feasible to automatically generate appropriate and au-thentic test scenarios inside a Cyber Range. There are several advantages to using this strategy. Organizations can enhance the efficiency and accuracy of their cybersecurity assessment pro-cess by using a Cyber Range scenario automation platform. Additionally, automation facilitates swift adjustment to emerging threats and technological advancements, allowing for the prompt detection and resolution of weaknesses in a more expedient and effective manner. Nevertheless, the process of adopting such a solution is not devoid of its difficulties. These encompass tech-nical factors like the platform's ability to work well with other systems and its capacity to handle growth, as well as conceptual factors like guaranteeing that automatically created scenarios are both meaningful and realistic. Nevertheless, it is crucial to recognize and tackle these ob-stacles in order to effectively exploit the capabilities of automation in the Cyber Range. To summarize, the implementation of automated Cyber Range scenario production is not just a development, but a crucial requirement for effectively handling the intricacy and volatility of contemporary cyber threats. Organizations can enhance their ability to defend against cyber threats and improve their response to the dynamic digital landscape by implementing creative strategies. Keywords: Cyber Range, Automation, Cyber-Security, Capture The Flag, Cyber Training Agile Software Development in the Cloud Using Citizen Development Marian STOICA, Alexandru-Ionuț NIȚU 16 Bucharest University of Economic Studies, Bucharest, Romania The field of information and communication technology remains highly dynamic and continues to be prolific in the emergence of new and innovative paradigms, methods or concepts. In this context, we aim to highlight the evolution of the Citizen Development concept and the impact of Low-Code/No-Code (LCNC) platforms on business software development. These solutions de-mocratize access to programming and allow users without formal technical knowledge to cre-ate agile software applications adaptable to various business scenarios. The progress of cloud computing, together with the need for rapid digital transformation and the increasing demand for software solutions, has accelerated the adoption of LCNC. However, the use of these plat-forms also involves challenges that may affect security, compliance with existing regulations, and the overall quality of applications. Thus, designing a hybrid collaboration model between software development teams and Citizen Development becomes essential for the successful im-plementation of applications created using these technologies. Despite the challenges, LCNC remains a suitable solution for innovation and digital transformation. The future may also rely on artificial intelligence integration, supporting agile development through intuitive interactions and enabling application creation via textual descriptions or even voice commands in natural language. Keywords: Agile software development, Cloud computing, Citizen development, Low-code, No-code A Framework for Automated Digital Media Asset Acquisition using Cloud Adrian VINTILĂ, Constanța-Nicoleta BODEA 29 This paper presents a cloud-based automated media asset acquisition framework designed to enhance the efficiency and speed of media ingest workflows in broadcast environments. Traditional media ingestion, particularly in news production, often involves manual processes such as physical file transfers, operator intervention, and transcoding delays, which can slow down content availability. Our proposed framework leverages cloud storage, mobile journalism technology, and automation scripts to eliminate these inefficiencies. By developing a dedicated mobile application, integrating cloud storage with automated monitoring and downloading mechanisms, and employing a local watchfolder-based transcoding system, the workflow minimizes human intervention and significantly reduces media ingest time. We conducted a series of comparative real-world experiments evaluating the new framework against conventional workflows in a news television station, measuring ingest time and resource utilization. The results demonstrate that our automated solution outperforms traditional and alternative cloud-based methods, reducing ingest time by up to fifteen times while eliminating the need for additional personnel. These findings highlight the potential of automation and cloud computing to optimize media workflows, ultimately improving production speed and operational efficiency which can also lead to potential economic benefits. Keywords: Cloud, Automation, Media asset acquisition, Ingest, Broadcast Smart Contracts Business Model Canvas Silviu OJOG, Alina-Andrea MIRON 44 Smart Contracts are the central piece of Ethereum and other compatible blockchains. Their role is to build trusted functionality that unknown parties can interact with. However, their value proposition can be undermined by different security exploits. In many cases, vulnerabilities are overlooked not due to neglect but due to a systematic approach in the review process. This paper aims to appeal to existing frameworks for understanding the business context and provide standardized thinking on auditing smart contracts. The power of a framework lies in the fact that it ensures that auditors do not overlook critical aspects of their vulnerability. Keywords: Blockchain, Smart Contract, Business Model Canvas, Audit, Ethereum, Exploit, Vulnerability, Solidity, Security Roku: A payload Generator Framework for Advanced System Exploitations Alexandru-Cristian BARDAȘ 54 In the era of continuous tech advances, generative AI and a constant push towards quantum technologies, we are still dealing with the constant cat and mouse game between attackers and defenders in the cyber space. This challenge between these two sides drives them to evolve and try to outsmart the other. This paper aims to present some of the more complex methodologies adopted by attackers, to showcase how they would be done, helping defenders in improving against these age-old threats. I will detail vulnerabilities of the Windows kernel, some of the most common evasion techniques and attack surfaces, as well as the process of writing rootkits and ransomwares. Keywords: Ransomware, Rootkit, Antivirus, APT, CVE Explainable Feature Engineering for Multi-class Money Laundering Classification Petre-Cornel GRIGORESCU, Antoaneta AMZA 64 This paper provides insight into typical money laundering typologies used in the financial crime domain and provides a concrete set of methods through the use of which fraudulent transactions may be classified using traditional machine learning algorithms and proving the efficacy of tree-based models in not only predictive power, but also explainability and ease of interpretation of results. Keywords: Anti-money laundering, Machine learning, Tree-based models, Explainability Publishing Guide for Authors 78 INFOREC Association 80 |
