SlideShare una empresa de Scribd logo

One Key to Rule Them All: Detecting the Skeleton Key Malware

Descargar como PPTX, PDF
Tal Be'ery
Tal Be'ery

Identity is one of the cornerstones of application security. On windows domains, identity is managed through Active Directory (AD) Domain service on the Domain Controller (DC). Therefore, it should come as no surprise that advanced attackers are actively targeting the DC. Earlier this year, Dell Secureworks had shared a report on an advanced attack campaign utilizing a dedicated DC malware, named “Skeleton Key” Malware. The Skeleton Key malware modifies the DC behavior to accept authentications specifying a secret ”Skeleton key” (i.e. “master key”) password, thus enabling the attackers to login from any computer as any domain user without installing any additional malware while keeping the original users’ authentication behavior. On this talk, we will explore the unique interaction between such malware functionality and the Kerberos authentication protocol; We will put a special emphasis on its manifestation over the network traffic. We will also share a script that implements the remotes detection of the skeleton key malware functionality. The talk was given on TCE2015 summer school, Technion, Israel

Tecnología
1 de 48
TCE2015 Summer School, September 2015
• The Villain: • The Damsel: • Damsel in distress: • Knight in shining Armor:
campaign http://www.tibco.com/blog/wp-content/uploads/2013/01/Hackers-With-An-Agenda.jpg
admin123
wrongpassword
P@$$w0rd1
admin 123 des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a aes128_hmac 8451bb37aa6d7ce3 d2a5c2d24d317af3 aes256_hmac 1a7ddce7264573ae1 f498ff41614cc7800 1cbf6e3142857cce2 566ce74a7f25b KDC KDC TGT TGS ③ TGS-REQ (Server) ④ TGS-REP ⑤ Usage User Server
• AES uses the username for salt • RC4-HMAC doesn’t have any! • AES uses PBKDF2= Thousands of SHA rounds • RC4-HMAC doesn’t have any!
KDC admin 123 User1 des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a aes128_hmac 8451bb37aa6d7ce3 d2a5c2d24d317af3 aes256_hmac 1a7ddce7264573ae1 f498ff41614cc7800 1cbf6e3142857cce2 566ce74a7f25b user rc4_hmac _nt aes256_ hmac Joe 21321… 543.. user1 cc36cf7a … 1a7ddc … Doe TGT
KDC User1 des_cbc_md5 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) aes128_hmac aes256_hmac user rc4_hmac _nt aes256_ hmac Joe 21321… 543.. user1 cc36cf7a … 1a7ddc … TGT ff687678.... Pa$$w0rd1 ff687678…
KDC
Automatically… • Learn entities and their context • Profile entity activities and behaviors • Build the entities interaction graph • Identify suspicious activities • Connect suspicious activities into an Attack Timeline™ How Microsoft ATA works
1 ATA Analyzes all Active Directory- related traffic and collects relevant events from SIEM 3 ATA Builds the organizational security graph, detects abnormal behavior, protocol attacks and weaknesses and constructs an attack timeline 2 ATA automatically learns all entities’ behaviors ANALYZE LEARN DETECT
Abnormal Behavior • Anomalous logins • Abnormal behavior • Unknown threats • Password sharing • Lateral-movement Security Risks • Weak Protocols • Known protocol vulnerabilities • Broken Trust Attacksinreal-time • Pass-the-Ticket (PtT) • Pass-the-Hash (PtH) • Forged PAC (MS14-068) • Reconnaissance • Bruteforce 1 2 3
https://gallery.technet.microsoft.com/Aorato-Skeleton-Key-24e46b73
https://gallery.technet.microsoft.com/Aorato- Skeleton-Key-24e46b73 https://www.microsoft.com/en- us/evalcenter/evaluate-microsoft-advanced- threat-analytics
@TalBeerySec @ItaiGrady

Recomendados

Computer Security Lecture 7: RSA
Computer Security Lecture 7: RSAComputer Security Lecture 7: RSA
Computer Security Lecture 7: RSA
Mohamed Loey
 
Digital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA AlgorithmDigital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA Algorithm
Vinayak Raja
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
Amlan Patel
 
Metamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and DetectionMetamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and Detection
Grijesh Chauhan
 
Ch14
Ch14Ch14
Ch14
Francis Alamina
 
Encryption & Decryption
Encryption & DecryptionEncryption & Decryption
Encryption & Decryption
JayantBhatt6
 
Mitre ATT&CK Kullanarak Etkin Saldırı Tespiti
Mitre ATT&CK Kullanarak Etkin Saldırı TespitiMitre ATT&CK Kullanarak Etkin Saldırı Tespiti
Mitre ATT&CK Kullanarak Etkin Saldırı Tespiti
BGA Cyber Security
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
Joon Young Park
 

Recomendados

Computer Security Lecture 7: RSA
Computer Security Lecture 7: RSAComputer Security Lecture 7: RSA
Computer Security Lecture 7: RSA
Mohamed Loey
 
Digital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA AlgorithmDigital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA Algorithm
Vinayak Raja
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
Amlan Patel
 
Metamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and DetectionMetamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and Detection
Grijesh Chauhan
 
Ch14
Ch14Ch14
Ch14
Francis Alamina
 
Encryption & Decryption
Encryption & DecryptionEncryption & Decryption
Encryption & Decryption
JayantBhatt6
 
Mitre ATT&CK Kullanarak Etkin Saldırı Tespiti
Mitre ATT&CK Kullanarak Etkin Saldırı TespitiMitre ATT&CK Kullanarak Etkin Saldırı Tespiti
Mitre ATT&CK Kullanarak Etkin Saldırı Tespiti
BGA Cyber Security
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
Joon Young Park
 
Unit 1
Unit 1Unit 1
Unit 1
Trupti Kodinariya
 
Diffie Hellman Key Exchange
Diffie Hellman Key ExchangeDiffie Hellman Key Exchange
Diffie Hellman Key Exchange
SAURABHDHAGE6
 
A Brief History of Cryptography
A Brief History of CryptographyA Brief History of Cryptography
A Brief History of Cryptography
guest9006ab
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipher
Vaibhav Khanna
 
CNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic CurvesCNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic Curves
Sam Bowne
 
Traditional symmetric-key cipher
Traditional symmetric-key cipherTraditional symmetric-key cipher
Traditional symmetric-key cipher
Vasuki Ramasamy
 
Ch02...1
Ch02...1Ch02...1
Ch02...1
nathanurag
 
cryptography
cryptographycryptography
cryptography
Abhijeet Singh
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
Sam Bowne
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DES
chatsiri
 
Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptx
Sou Jana
 
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
Gabriel Mathenge
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
Mazin Alwaaly
 
Cryptography
CryptographyCryptography
Cryptography
Kalyani Government Engineering College
 
Homomorphic encryption
Homomorphic encryptionHomomorphic encryption
Homomorphic encryption
Namit Sinha
 
Seguridad informática
Seguridad informáticaSeguridad informática
Seguridad informática
Calzada Meza
 
Asymmetric Cryptography.pptx
Asymmetric Cryptography.pptxAsymmetric Cryptography.pptx
Asymmetric Cryptography.pptx
diaa46
 
Rsa in CTF
Rsa in CTFRsa in CTF
Rsa in CTF
SoL ymx
 
Chapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption StandardChapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption Standard
Shafaan Khaliq Bhatti
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
amanchaurasia
 
Skeleton key malware detection owasp
Skeleton key malware detection owaspSkeleton key malware detection owasp
Skeleton key malware detection owasp
Tal Be'ery
 
Debugging linux
Debugging linuxDebugging linux
Debugging linux
Andrea Righi
 

Más contenido relacionado

La actualidad más candente

Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DES
chatsiri
 
Seguridad informática
Seguridad informáticaSeguridad informática
Seguridad informática
Calzada Meza
 

La actualidad más candente (20)

Unit 1
Unit 1Unit 1
Unit 1
 
Diffie Hellman Key Exchange
Diffie Hellman Key ExchangeDiffie Hellman Key Exchange
Diffie Hellman Key Exchange
 
A Brief History of Cryptography
A Brief History of CryptographyA Brief History of Cryptography
A Brief History of Cryptography
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipher
 
CNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic CurvesCNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic Curves
 
Traditional symmetric-key cipher
Traditional symmetric-key cipherTraditional symmetric-key cipher
Traditional symmetric-key cipher
 
Ch02...1
Ch02...1Ch02...1
Ch02...1
 
cryptography
cryptographycryptography
cryptography
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DES
 
Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptx
 
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdftheVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
 
Cryptography
CryptographyCryptography
Cryptography
 
Homomorphic encryption
Homomorphic encryptionHomomorphic encryption
Homomorphic encryption
 
Seguridad informática
Seguridad informáticaSeguridad informática
Seguridad informática
 
Asymmetric Cryptography.pptx
Asymmetric Cryptography.pptxAsymmetric Cryptography.pptx
Asymmetric Cryptography.pptx
 
Rsa in CTF
Rsa in CTFRsa in CTF
Rsa in CTF
 
Chapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption StandardChapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption Standard
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 

Similar a One Key to Rule Them All: Detecting the Skeleton Key Malware

Skeleton key malware detection owasp
Skeleton key malware detection owaspSkeleton key malware detection owasp
Skeleton key malware detection owasp
Tal Be'ery
 
Implement the DES system in C++- Java- perl- etc- and then decrypt the.docx
Implement the DES system in C++- Java- perl- etc- and then decrypt the.docxImplement the DES system in C++- Java- perl- etc- and then decrypt the.docx
Implement the DES system in C++- Java- perl- etc- and then decrypt the.docx
Maxd78Pipero
 
How I failed to present on using DVCS to control archival metadata
How I failed to present on using DVCS to control archival metadataHow I failed to present on using DVCS to control archival metadata
How I failed to present on using DVCS to control archival metadata
Mark Matienzo
 

Similar a One Key to Rule Them All: Detecting the Skeleton Key Malware (10)

Skeleton key malware detection owasp
Skeleton key malware detection owaspSkeleton key malware detection owasp
Skeleton key malware detection owasp
 
Debugging linux
Debugging linuxDebugging linux
Debugging linux
 
Linux Performance 2018 (PerconaLive keynote)
Linux Performance 2018 (PerconaLive keynote)Linux Performance 2018 (PerconaLive keynote)
Linux Performance 2018 (PerconaLive keynote)
 
Implement the DES system in C++- Java- perl- etc- and then decrypt the.docx
Implement the DES system in C++- Java- perl- etc- and then decrypt the.docxImplement the DES system in C++- Java- perl- etc- and then decrypt the.docx
Implement the DES system in C++- Java- perl- etc- and then decrypt the.docx
 
How I failed to present on using DVCS to control archival metadata
How I failed to present on using DVCS to control archival metadataHow I failed to present on using DVCS to control archival metadata
How I failed to present on using DVCS to control archival metadata
 
Metasepi team meeting #19: ATS application on Arduino
Metasepi team meeting #19: ATS application on ArduinoMetasepi team meeting #19: ATS application on Arduino
Metasepi team meeting #19: ATS application on Arduino
 
ATO Linux Performance 2018
ATO Linux Performance 2018ATO Linux Performance 2018
ATO Linux Performance 2018
 
Current Cost presentation at Open Tech 2008
Current Cost presentation at Open Tech 2008Current Cost presentation at Open Tech 2008
Current Cost presentation at Open Tech 2008
 
Linux kernel debugging(ODP format)
Linux kernel debugging(ODP format)Linux kernel debugging(ODP format)
Linux kernel debugging(ODP format)
 
Linux kernel debugging(PDF format)
Linux kernel debugging(PDF format)Linux kernel debugging(PDF format)
Linux kernel debugging(PDF format)
 

Más de Tal Be'ery

Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitWeb3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Tal Be'ery
 
Web3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEMWeb3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEM
Tal Be'ery
 
Open Sesame: Picking Locks with Cortana
Open Sesame: Picking Locks with CortanaOpen Sesame: Picking Locks with Cortana
Open Sesame: Picking Locks with Cortana
Tal Be'ery
 
THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES
THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES
THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES
Tal Be'ery
 
The Industrial Revolution of Lateral Movement
The Industrial Revolution of Lateral MovementThe Industrial Revolution of Lateral Movement
The Industrial Revolution of Lateral Movement
Tal Be'ery
 
The Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local UsersThe Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local Users
Tal Be'ery
 
Battlefield network
Battlefield networkBattlefield network
Battlefield network
Tal Be'ery
 

Más de Tal Be'ery (15)

Give me some (key) space!
Give me some (key) space!Give me some (key) space!
Give me some (key) space!
 
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitWeb3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
 
Understanding Compound‘s Liquidation
Understanding Compound‘s LiquidationUnderstanding Compound‘s Liquidation
Understanding Compound‘s Liquidation
 
Web3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEMWeb3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEM
 
The Color of Money
The Color of MoneyThe Color of Money
The Color of Money
 
Open Sesame: Picking Locks with Cortana
Open Sesame: Picking Locks with CortanaOpen Sesame: Picking Locks with Cortana
Open Sesame: Picking Locks with Cortana
 
THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES
THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES
THE VOICE OF ESAU: HACKING ENTERPRISES THROUGH VOICE INTERFACES
 
Automate or Die: How Automation Reshapes Cybersecurity
Automate or Die: How Automation Reshapes CybersecurityAutomate or Die: How Automation Reshapes Cybersecurity
Automate or Die: How Automation Reshapes Cybersecurity
 
The Industrial Revolution of Lateral Movement
The Industrial Revolution of Lateral MovementThe Industrial Revolution of Lateral Movement
The Industrial Revolution of Lateral Movement
 
The Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local UsersThe Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local Users
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach Analysis
 
Battlefield network
Battlefield networkBattlefield network
Battlefield network
 
Client sidesec 2013-intro
Client sidesec 2013-introClient sidesec 2013-intro
Client sidesec 2013-intro
 
Client sidesec 2013 - non js
Client sidesec 2013 - non jsClient sidesec 2013 - non js
Client sidesec 2013 - non js
 
Client sidesec 2013 - script injection
Client sidesec 2013 - script injectionClient sidesec 2013 - script injection
Client sidesec 2013 - script injection
 

Último

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Último (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 

One Key to Rule Them All: Detecting the Skeleton Key Malware

Notas del editor

  1. http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf http://image.slidesharecdn.com/pivotaldatalakearchitectureitsroleinsecurityanalytics-140707093240-phpapp02/95/pivotal-data-lake-architecture-its-role-in-security-analytics-7-638.jpg?cb=1415961449
  2. http://images.rapgenius.com/995335ab10386f992dde5f3797e92c65.1000x682x1.jpg
  3. NTLM relay talk 2014 by Oren Ofer
  4. 3 Data sources – Network traffic, AD data and SIEM events Create traps (Honeytokens) to mislead attackers
  5. Classifying the SAs to 3 types - Risks (Misconfiguration), Deterministic and Behavioral based (Who access what and when)