List of videos

Read the abstract ➤ https://www.conf42.com/Python_2025_Chirag_Gajiwala_ai_python_cybersecurity Other sessions at this event ➤ https://www.conf42.com/python2025 Join Circle ➤ https://conf42.circle.so/checkout/subscribe Chapters 00:00 Introduction and Speaker Background 00:45 Deep Learning and Python Packages 01:05 Reinforcement Learning and Superhuman Capabilities 02:32 Generative Models: GANs vs VAEs 04:26 AI in Cybersecurity 06:55 Graph Neural Networks in Cybersecurity 08:09 Future of AI in Cybersecurity 09:17 Ethical Considerations in AI 10:26 Recurrent Neural Networks and Anomaly Detection 12:44 Transformer-Based Models and Time GPT 14:22 Python with Spark Integration 19:21 AI and Security Convergence 20:43 Key Takeaways and Conclusion

Read the abstract ➤ https://www.conf42.com/Python_2022_Shweta_Mishra_python_flask_api_google_colab Other sessions at this event ➤ https://www.conf42.com/python2022 Join Discord ➤ https://discord.gg/DnyHgrC7jC Chapters 0:00 intro 0:24 demo 11:59 thanks

JJ Asghar Developer Advocate at IBM JJ will walk you through deploying a simple python application to Kubernetes/OpenShift. We'll start from the ground up, then get a complete automated build. The goal is to enable your developers to focus on code, not the infrastructure! It's a chance to see the power of OpenShift and why taking the time to learn cloud native development can get you the velocity you need. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Milecia McGregor Developer Advocate at Iterative It's easy to lose track of which changes gave you the best result when you start exploring multiple model architectures. Tracking the changes in your hyperparameter values, along with code and data changes, will help you build a more efficient model by giving you an exact reproduction of the conditions that made the model better. In this talk, you will learn how you can use the open-source tool, DVC, to increase reproducibility for two methods of tuning hyperparameters: grid search and random search. We'll go through a live demo of setting up and running grid search and random search experiments. By the end of the talk, you'll know how to add reproducibility to your existing projects. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Marco Carranza Co-founder at Teamcore Tech Nowadays data is getting bigger and bigger, making it almost impossible to processed it in desktop machines. To solve this problems, a lot of new technologies (Hadoop, Spark, Presto, Dask, etc.) have emerged during the last years to process all the data using multiple clusters of computers. The challenge is that you will need to build your solutions on top of this technologies, requiring designing data processing pipelines and in some cases combining multiple technologies. However, in some cases we don't have enough time or resources to learn to use and setup a full infrastructure to run a couple experiments. Maybe you are a researcher with very limited resources or an startup with a tight schedule to launch a product to market. The objective of this talk is to present multiple strategies to process data as it grows, with the limitations of a single machine or with the use of clusters. The strategies will focus on technologies such as Pandas, Pyspark, Vaex and Modin. Outline 1.- Introduction (2 mins) 2.- Vertical scaling with Pandas and the Cloud (3 mins) 3.- Keeping the memory under control by reading the data by chunks (5 mins) 4.- Processing datasets larger than the available memory with Vaex (5 mins) 5.- Scaling Pandas with Modin and Dask (5 mins) 6.- All-in with Pyspark (5 mins) Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

David Melamed Co-Founder & CTO at Jit The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls built for Python applications. In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline: Bandit for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets, Python dependency checks (SCA), infrastructure as code (IaC) and ZAP for API and dynamic application security (DAST), in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing Python applications, from the first line of code, that will make it possible to continuously iterate and evolve our security maturity, for advanced layers of security that often comes with time, as well as increased experience. Code examples will be showcased as part of this session. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Radu Vunvulea Group Head of Cloud Delivery at Endava This session aims to identify the tools that help us build secure applications and environments for Azure during the development journey. The focus is on the developers and the tools we can use to ensure that our code is secure and aligned with all the available best practices and recommendations. It’s a hands-on session, limited to 10 slides and a lot of demos. Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Tzachi Zornstain Head of CxDustico at Checkmarx Presentation Outline 1. Refresher on recent OSS attack, establishing: - A quick baseline of terminology and concepts, plus a focus on recent major attack found (PHP, Dependency confusion, etc) 2. Lack of visibility The Python Package Index (PyPI) deals with this issue by simply removing the malicious packages without publishing its code or metadata to a central point where the package could be found and researched. Quite similarly, NPM removes all Code and Metadata and place a generic “security holding package” label on the package webpage, although it does publish a security advisory with varying levels of specificity. Researchers are unable to learn from detected malicious packages. no IOC/contributor data = no hunting for more code packages. 3. Lack of validation One example is the process of publishing a python package to PyPi allows the publisher to link a GitHub repository to the package, then, PyPi pulls the repository statistics straight from GitHub and presents it on the package web page. The problem is, there is no validation of the connection between the package and the repository. We will demonstrate this technique we came to call StarJacking . 4. Lack of awareness The entire ecosystem is focused on detecting known Vulnerabilities, many security teams believe this risk Is cover under SCA products. This is not the case, Vulnerabilities ≠ Malware. We need a mindset shift and new technology stack to detect attackers in code packages. Reactive Vs Proactive, Static signature Vs Dynamic execution 5. Looking ahead Most of what we do today in the field of malicious open-source software can best be described as patch management. The “cyber” point of view has yet to enter this game. In this spirit, some thoughts of where we should be heading: • Malware zoo - code package hatchery • Sandbox for files - detonation chambers for dynamic analysis of code • Cross language detection • TTP’s • Bonus – contributors' reputation Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk

Filipi Pires Cyber Security Evangelist at senhasegura The purpose of this presentation is to use python scripts to perform some tests of efficiency and detection in various endpoint solutions, during our demonstration we`ll show a defensive security analysis with an offensive mind performing an execution some python scripts responsible for downloading some malware in Lab environment. The first objective will be to simulate targeted attacks using a python script to obtain a panoramic view of the resilience presented by the solution, with regard to the efficiency in its detection by signatures, NGAV and Machine Learning, running this script, the idea is to download these artifacts directly on the victim's machine. The second objective is to run more than one python script with daily malware, made available by MalwaresBazaar upon request via API access, downloanding daily batches of malwares. With the final product, the front responsible for the product will have an instrument capable of guiding a mitigation and / or correction process, as well as optimized improvement, based on the criticality of the risks. Article`s reference: https://pentestmag.com/product/pentest-build-your-own-pentest-lab-in-2021/ ( 2x Articles published | Exploitation with Shell Reverse and Infection with PowerShell using VBS File | Zusy Malware using MSI) https://pentestmag.com/product/pentest-powershell-for-pentesters/ ( 2x Articles published | Testing Creative Way Detection and Efficiency in Sophos Security Sensors | Outbreak Infection from Malware Bazaar, undetected by Sophos https://hakin9.org/product/malware-attacks/ (Hunting the Hunters-Detection and Efficiency Testing of Endpoint Security Sensors) https://pentestmag.com/product/pentest-ransomware-prevention/ ( 2x Articles Published | Threat Hunting Labs Engines Problems in Cybereason AV | Infection with Ransomware Using Delay in Applying Policies) https://hakin9.org/product/cyber-threat-intelligence/ (Infection with Malware By Script Python NOT Detected by AV) https://eforensicsmag.com/product/threat-hunting-what-why-how/ (Infection by Outbreak Attack Malicious) Similar presentations: https://www.youtube.com/watch?v=mJZCNqcO10A&t=51s (NahamCon's on RTV 2021 - Discovering C&C in Malicious PDFs) https://www.youtube.com/watch?v=nxlqxLWO16k (GrayHat - Red Team Village - 2020- US) - Malware Analysis https://www.youtube.com/watch?v=id7phzfgumg (GrayHat - Red Team Village - 2020 - US) - Pivoting Technique https://www.youtube.com/watch?v=oWkgyPgAMsg (BSIDES DFW - 2020 - US) - Malware Analysis https://youtu.be/-h34cWIf9T8?t=23973 (Hacktivity - Budapest 2020) - Dissecting Malware https://www.youtube.com/watch?v=9S41xfTGQDo (D.C. Cybersecurity Professionals - 2020 - US) - Cyber Threat Hunting: Identify and Hunt Down Intruders https://www.youtube.com/watch?v=yAjvfTYEhOw (D.C. Cybersecurity Professionals - 2020 - US) - Dissecting PDF Files to Malware Analysis https://www.youtube.com/watch?v=0pp6xcFsXgE&feature=youtu.be (HITB -2020 - Hack In The Box Security Conference - Europe) - Threat Hunting Other talks at this conference 🚀🪐 https://www.conf42.com​/python2022 — 0:00 Intro 0:24 Talk