Unity Makes Strength
“Why keep this valuable information in a corner?”
SOURCE Dublin 2013
$ whoami
• Xavier Mertens (@xme)
• Consultant @ day
• Blogger @ night
• BruCON co-organizer
$ cat disclaimer.txt
“The opinions expressed in this presentation are those of the speaker and do not necessarily reflect those of past, present employers, partners or customers.”
Agenda
• Some facts
• Current situation
• Toolbox
• Examples
Defense vs. Attack
• Offensive security is funny (w00t! We break things)
• Defensive security can also be fun! (proud to not be pwn3d ;-)
• “Know your enemy!”
Welcome to Belgium!
Belgique, België, Belgien
But with a very complicated political landscape!
Belgian Motto
“L’union fait la force”
(“Unity Makes Strength”)
And Infosec?
Why not apply this to our security infrastructures?
Agenda
• Some facts
• Current situation
• Toolbox
• Examples
Initial Situation
(diagram) Firewall, IDS, Proxy, Malware Analysis: each device takes its own Action
Then Came the god “SIEM”
(diagram) Firewall, IDS, Proxy, Malware Analysis: each sends its Logs to the Centralized Logging Solution / SIEM
Weaknesses?
• Independent solutions
• Static configurations
• Only logs are centralized
• No global protection
• Useful data not shared
• Real-time protection not easy
The Value of Data
• IP addresses
• User names
• URLs
• Domains
• Digests (MD5, SHA1, etc)
Multiple Sources
• Online repositories
• Internal resources
• Automatic process
Nothing New!
(diagram) Input → Process → Output
Back to the Roots
• REXX is a scripting language invented by IBM.
• ARexx was implemented in AmigaOS in 1987.
• Applications with an ARexx interface can talk to each other and exchange data.
RTFM!
• Security is a big market ($$$)
• The “Microsoft Office” effect (<10% of features really used)
• Invest time to learn how your products work.
• Be a hacker: learn how it works and make it work the way you want.
Backdoors...
• CLI
• WebAPI (JSON, XML)
• Databases
• Scripting languages
• Serial console
Protocols
• HTTP(S)
• TFTP
• SSH
• SNMP
• IF-MAP
• Proprietary tools (dbedit)
Automation is the Key
• We’re all lazy people!
• Expect!
use Expect;

# $user, $host, $password and $timeout are set elsewhere in the script
my $c = "ssh $user\@$host";        # escape the '@', or Perl interpolates @$host as an array
my $e = Expect->spawn($c) or die "No SSH?";
$e->expect($timeout,
  [ qr/password: $/,
    sub {
      my $fh = shift;
      print $fh "$password\n";    # answer the password prompt
    }
  ],
);
A New Architecture
(diagram) Firewall, IDS, Proxy, Malware Analysis send their Logs to the Centralized Logging Solution / SIEM; a Toolbox turns what the SIEM sees into an Action pushed back to each device
Agenda
• Some facts
• Current situation
• Toolbox
• Examples
HTTPS
• Generate an API key
https://10.0.0.1/api/?type=keygen&user=foo&password=bar
• Submit XML requests
https://10.0.0.1/api/?type=config&key=xxx&action=set&xpath=/config/device/entry[@name=localhost]/vsys/entry[@name=vsys1]/address/entry[@name=NewHost]&element=<ip-netmask>192.168.0.1</ip-netmask><description>Test</description>
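Added example, not code from the deck: the two steps on this slide (key generation, then a config "set") as Python functions. They build the request URLs with proper percent-encoding (the slide shows the xpath and element raw, which only works because a browser fixes the URL up), validate the object name and address before they are spliced into the xpath/XML, and check the status of the XML reply so a failed push is not mistaken for a blocked host. The host 10.0.0.1, the xpath and the element come from the slide; the reply shape, NAME_RE and the sample replies are assumptions/constructed for this example.

```python
import ipaddress
import re
import urllib.parse
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

FIREWALL = "10.0.0.1"                       # management address from the slide
# Object names end up inside an xpath predicate: allow a tame charset only (assumption)
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,63}$")


def keygen_url(host, user, password):
    """Step 1 on the slide: ask the box for an API key."""
    q = urllib.parse.urlencode({"type": "keygen", "user": user, "password": password})
    return f"https://{host}/api/?{q}"


def set_address_url(host, key, name, ip_netmask, description, vsys="vsys1"):
    """Step 2 on the slide: 'set' an address object at its xpath.
    name/address usually come from another tool's output, so validate first."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe address object name: {name!r}")
    if not NAME_RE.fullmatch(vsys):
        raise ValueError(f"unsafe vsys name: {vsys!r}")
    net = ipaddress.ip_network(ip_netmask, strict=False)      # raises on junk
    addr = str(net.network_address) if net.num_addresses == 1 else net.with_prefixlen
    xpath = (f"/config/device/entry[@name=localhost]/vsys/"
             f"entry[@name={vsys}]/address/entry[@name={name}]")
    element = (f"<ip-netmask>{addr}</ip-netmask>"
               f"<description>{escape(description)}</description>")   # XML-escape free text
    q = urllib.parse.urlencode({"type": "config", "key": key, "action": "set",
                                "xpath": xpath, "element": element})
    return f"https://{host}/api/?{q}"


def query_params(url):
    """Decode the query string back into a dict (single values)."""
    return {k: v[0] for k, v in urllib.parse.parse_qs(urllib.parse.urlsplit(url).query).items()}


def parse_response(body):
    """Reply shape assumed here: <response status="success"|"error">...</response>.
    Anything but success raises, so the orchestrating script cannot silently continue."""
    root = ET.fromstring(body)
    if root.get("status") != "success":
        raise RuntimeError(f"API call failed: {root.findtext('.//msg') or 'unknown error'}")
    return root


def api_key_from(body):
    """The keygen reply carries the key in <result><key> (assumed shape)."""
    return parse_response(body).findtext("./result/key")


# Constructed sample replies, not real device output
SAMPLE_KEYGEN_OK = ('<response status="success"><result>'
                    '<key>constructed-key-0001</key></result></response>')
SAMPLE_ERROR = ('<response status="error" code="403"><result>'
                '<msg>Invalid credentials.</msg></result></response>')

if __name__ == "__main__":
    import urllib.request
    key = api_key_from(urllib.request.urlopen(keygen_url(FIREWALL, "foo", "bar")).read())
    parse_response(urllib.request.urlopen(
        set_address_url(FIREWALL, key, "NewHost", "192.168.0.1", "Test")).read())
```

The key is a credential and the keygen request carries the password in the query string: both belong on HTTPS only, and on an out-of-band management network as the Controls slide says.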
Snort-Rules Generator
• Lots of security tools accept Snort rules
use Snort::Rule;

my $rule = Snort::Rule->new(
  -action => 'alert',
  -proto  => 'tcp',
  -src    => '10.0.0.1',
  -sport  => 'any',
  -dst    => 'any',
  -dport  => 'any',
);
$rule->opts('msg', 'Detect traffic from 10.0.0.1');
$rule->opts('sid', '666666');
print $rule->string(), "\n";    # print the rule text
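Added example, not the deck's Snort::Rule code: the same rule generated in Python, extended to turn a whole feed of addresses (the kind of list a malware-analysis box or an online repository produces) into one rule each. Bad lines are skipped instead of producing a file Snort refuses to load, duplicates are collapsed, and the msg text is checked so a stray `;` or `"` cannot change the meaning of the rule. LOCAL_SID_BASE, MSG_RE and SAMPLE_FEED are assumptions/constructed for this example.

```python
import ipaddress
import re

# Local rules live above sid 1,000,000 so they never collide with distributed
# rule sets; the base is an assumption for this example
LOCAL_SID_BASE = 1000000
# Characters allowed in msg; anything else would break or alter the rule syntax
MSG_RE = re.compile(r"^[A-Za-z0-9 ._:/-]+$")


def snort_rule(action, proto, src, sport, dst, dport, msg, sid, rev=1):
    """Render one rule: header, then the option list in parentheses."""
    if not MSG_RE.fullmatch(msg):
        raise ValueError(f"unsafe msg text: {msg!r}")
    header = f"{action} {proto} {src} {sport} -> {dst} {dport}"
    return f'{header} (msg:"{msg}"; sid:{sid}; rev:{rev};)'


def rules_from_iocs(lines, first_sid=LOCAL_SID_BASE):
    """One 'alert' rule per address or CIDR in a feed ('#' starts a comment).
    Unparseable lines are skipped, duplicates collapsed, sids allocated in order."""
    rules, seen, sid = [], set(), first_sid
    for raw in lines:
        raw = raw.split("#", 1)[0].strip()
        if not raw:
            continue
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            continue                      # not an address: skip, do not guess
        if net in seen:
            continue
        seen.add(net)
        # a single host is written without /32, as on the slide
        src = str(net.network_address) if net.num_addresses == 1 else net.with_prefixlen
        rules.append(snort_rule("alert", "tcp", src, "any", "any", "any",
                                f"Detect traffic from {src}", sid))
        sid += 1
    return rules


# Constructed sample feed, not real indicators
SAMPLE_FEED = """\
# constructed feed
10.0.0.1
192.0.2.0/24
10.0.0.1        # duplicate, collapsed
not-an-address  # skipped
"""

if __name__ == "__main__":
    print("\n".join(rules_from_iocs(SAMPLE_FEED.splitlines())))
```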
IF-MAP
• Open standard to allow authorized devices to publish/search relevant information
• Information could be:
  • IP
  • Login
  • Location (devices)
  • Domain
IF-MAP
use Ifmap;
use Ifmap::Util;

my $r    = Ifmap::Request::NewSession->new();
my $ip   = Ifmap::Identifier::IpAddress->new(ip_address => '10.0.0.1');
my $mac  = Ifmap::Identifier::MacAddress->new(mac_address => 'aa:bb:cc:dd:ee:ff');
my $id   = Ifmap::Identifier::Identity->new(name => 'john', type => 'username');
my $meta = Ifmap::Metadata::Element->new(name => 'name', value => 'employee');
SNMP
• SNMP can be used to push configuration changes
• Example: router 10.0.0.1 will pull the access-list “acl.tmp” from TFTP server 10.0.0.2
$ snmpset -v1 -c Pr1v4t3 10.0.0.1 .1.3.6.1.4.1.9.2.1.53.10.0.0.2 s acl.tmp
TCL
• Cisco devices have a framework called EEM: “Embedded Event Manager”
• Example: the router may communicate information based on its status
event manager applet Interface_Event
 event syslog pattern ".*UPDOWN.*FastEthernet0/1.* changed state to .*"
 action 1.0 cli command "tclsh flash:notify.tcl"
Puppet
• Configuration Management Software
• Deploy security patches
• Manage SSH keys
• Modify thousands of servers in one shot
“DevOps to the rescue”
The Conductor
• OSSEC
• Log Management
• Active-Response
• Powerful alerts engine
Action? Reaction!
• Example of OSSEC rule
<!-- fire when "access denied" matches 5 times within 60 seconds -->
<rule id="100101" level="5" frequency="5" timeframe="60">
  <match>access denied</match>
  <group>invalid_login,</group>
</rule>
<!-- run the ad-block-user command when rule 100101 fires -->
<active-response>
  <command>ad-block-user</command>
  <location>local</location>
  <rules_id>100101</rules_id>
</active-response>
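Added example, not part of the deck: a small Python model of what the rule above does, five matches of “access denied” for one user inside a 60-second window, run over constructed log lines and producing the active-response call the rule is bound to. The log format, the regexes and the per-user counting are assumptions for this example; the real OSSEC engine has more knobs than this model.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Parameters taken from the OSSEC rule on the slide
MATCH = "access denied"
FREQUENCY = 5
TIMEFRAME = 60            # seconds
RULE_ID = 100101
COMMAND = "ad-block-user"

# Constructed sample log (syslog-like), not a real capture
SAMPLE_LOG = """\
2013-05-09 10:00:01 vpn1 sslvpn: access denied for user jdoe from 203.0.113.5
2013-05-09 10:00:05 vpn1 sslvpn: access denied for user jdoe from 203.0.113.5
2013-05-09 10:00:09 vpn1 sslvpn: access granted for user alice from 198.51.100.7
2013-05-09 10:00:12 vpn1 sslvpn: access denied for user jdoe from 203.0.113.5
2013-05-09 10:00:20 vpn1 sslvpn: access denied for user jdoe from 203.0.113.5
2013-05-09 10:00:31 vpn1 sslvpn: access denied for user jdoe from 203.0.113.5
2013-05-09 10:00:40 vpn1 sslvpn: access denied for user bob from 192.0.2.9
2013-05-09 10:05:00 vpn1 sslvpn: access denied for user jdoe from 203.0.113.5
"""

# Assumed line layout: "<date> <time> <host> <program>: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) \S+ \S+: (?P<msg>.*)$")
WHO_RE = re.compile(r"user (?P<user>\S+) from (?P<ip>\S+)")


def parse_line(line):
    """Split one log line into timestamp, message, user and source IP."""
    m = LINE_RE.match(line)
    if not m:
        return None
    who = WHO_RE.search(m["msg"])
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "msg": m["msg"],
            "user": who["user"] if who else None,
            "ip": who["ip"] if who else None}


def correlate(log_text):
    """Sliding-window version of frequency/timeframe: keep the timestamps of
    matching events per user, drop those older than TIMEFRAME, and when
    FREQUENCY remain emit the active-response and start counting afresh."""
    windows = defaultdict(deque)
    actions = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or MATCH not in ev["msg"]:
            continue
        w = windows[ev["user"]]
        w.append(ev["ts"])
        while (ev["ts"] - w[0]).total_seconds() > TIMEFRAME:
            w.popleft()
        if len(w) >= FREQUENCY:
            actions.append({"rule": RULE_ID, "command": COMMAND,
                            "user": ev["user"], "ip": ev["ip"], "at": ev["ts"]})
            w.clear()
    return actions


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        print(f"{a['at']} rule {a['rule']}: {a['command']} {a['user']} {a['ip']}")
```

In the sample, jdoe reaches five denials at 10:00:31 and triggers one action; bob's single denial and jdoe's later isolated one stay below the threshold.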
Agenda
• Some facts
• Current situation
• Toolbox
• Examples
$ cat disclaimer2.txt
<warning>
Some slides contain examples based on open source as well as v€ndor$ solutions.
I’m not affiliated with any of them!
</warning>
Online Resources
• DNS-BH
$ wget -N http://dns-bh.sagadc.org/domains.txt
• Google SafeBrowsing
use Net::Google::SafeBrowsing2;
use Net::Google::SafeBrowsing2::Sqlite;

my $gsb = Net::Google::SafeBrowsing2->new(
  key     => "xxx",                                                   # your API key
  storage => Net::Google::SafeBrowsing2::Sqlite->new(file => "google.db"),
);
$gsb->update();                                                       # refresh the local copy of the lists
my $match = $gsb->lookup(url => "http://evil.com");
if ($match eq MALWARE) { ... }                                        # MALWARE is a constant exported by the module
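Added example, not from the deck: checking URLs against a downloaded domains.txt in Python. It goes a little beyond the slide by matching parent domains label-wise, so a host under a listed domain is caught while a look-alike name that merely contains it is not, and by taking the host from the URL properly, so userinfo tricks like `http://evil.example@good.example/` are judged on good.example. The file format (one domain per line, `#` comments) and SAMPLE_DOMAINS_TXT are assumptions/constructed for this example.

```python
import urllib.parse

# Constructed stand-in for a downloaded domains.txt; not the real DNS-BH list
SAMPLE_DOMAINS_TXT = """\
# constructed sample, not real data
evil.example
Bad-CDN.example.   # trailing dot and case must not matter
"""


def load_blocklist(text):
    """Parse the list into a set of normalized (lowercase, no trailing dot) domains."""
    domains = set()
    for line in text.splitlines():
        d = line.split("#", 1)[0].strip().lower().rstrip(".")
        if d:
            domains.add(d)
    return domains


def hostname_of(url):
    """Host part of a URL (a bare host name is accepted too). urlsplit drops
    userinfo and port, so 'http://evil.example@good.example/' yields good.example."""
    if "://" not in url:
        url = "http://" + url
    return (urllib.parse.urlsplit(url).hostname or "").lower().rstrip(".")


def is_blocked(url, blocklist):
    """Label-wise suffix match: look up the host and each parent domain, so
    cdn.evil.example is caught while notevil.example is not (a substring test
    would wrongly block the latter)."""
    labels = hostname_of(url).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def filter_urls(urls, blocklist):
    """Split a batch of URLs (e.g. pulled from proxy logs) into blocked and clean."""
    blocked = [u for u in urls if is_blocked(u, blocklist)]
    clean = [u for u in urls if u not in blocked]
    return blocked, clean


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_DOMAINS_TXT)
    for u in ("http://cdn.evil.example/x.php", "http://notevil.example/"):
        print(u, "BLOCKED" if is_blocked(u, bl) else "ok")
```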
Dynamic Firewall Config
• FireEye malware analysis box
• Firewalls
• Checkpoint
• PaloAlto
• IPtables
• <insert your preferred fw $VENDOR here>
• OSSEC
Dynamic Firewall Config
(diagram) FireEye → OSSEC → PaloAlto, Checkpoint, IPtables
Dynamic User Blacklist
• Syslog Concentrator
• OSSEC
• SSLVPN
• LDAP directory
Dynamic User Blacklist
(diagram) sshd (on several hosts) → OSSEC → LDAP
$ ldapmodify -D 'cn=admin' -w 'pass'
dn: uid=jdoe,o=acme.org
changetype: modify
replace: userPassword
userPassword: newpass
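Added example, not from the deck: the ad-block-user side of this slide as a Python active-response script. It validates the uid before it reaches the DN (the name is whatever was typed at the login prompt, so a stray `,` or `=` must never be spliced into LDIF), generates the replacement password instead of hard-coding "newpass", and hands ldapmodify the bind password through `-y` (a file) rather than `-w` on the command line where `ps` would show it. BASE_DN and BIND_DN come from the slide; PASSWORD_FILE, UID_RE and the script's argument convention (action, user, source IP, as in OSSEC's bundled scripts) are assumptions.

```python
import re
import secrets
import subprocess
import sys

BASE_DN = "o=acme.org"            # from the slide
BIND_DN = "cn=admin"              # from the slide
# Assumed location of the bind password, read by ldapmodify -y
PASSWORD_FILE = "/etc/ossec-ldap.pw"
# Plain account names only: the uid comes straight from an attacker-controlled log line
UID_RE = re.compile(r"^[a-z][a-z0-9._-]{0,31}$")


def lockout_ldif(uid, new_password=None):
    """LDIF that replaces the user's password with a random one nobody knows,
    which locks the account until an admin resets it."""
    if not UID_RE.fullmatch(uid):
        raise ValueError(f"refusing to modify suspicious uid: {uid!r}")
    new_password = new_password or secrets.token_urlsafe(24)
    return (f"dn: uid={uid},{BASE_DN}\n"
            "changetype: modify\n"
            "replace: userPassword\n"
            f"userPassword: {new_password}\n")


def ldapmodify_argv():
    """Simple bind as BIND_DN; -y keeps the password off the command line."""
    return ["ldapmodify", "-x", "-D", BIND_DN, "-y", PASSWORD_FILE]


def block_user(uid):
    """Feed the LDIF to ldapmodify on stdin; check=True makes a failed
    modification visible in the active-response log instead of silent."""
    subprocess.run(ldapmodify_argv(), input=lockout_ldif(uid).encode(), check=True)


if __name__ == "__main__":
    # Assumed calling convention: <script> add|delete <user> <srcip>
    action, user = sys.argv[1], sys.argv[2]
    if action == "add":
        block_user(user)
```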
SMTP Malware Analysis
• Postfix MTA
• Cuckoo
• CuckooMX (Perl)
SMTP Malware Analysis
(diagram) Postfix → CuckooMX → Cuckoo
MySQL Self-Defense
• MySQL Server
• MySQL Proxy
• lib_mysqludf_log
MySQL Self-Defense
(diagram) client → mysql-proxy → mysqld → error.log
Controls
• Security first!
• Strong controls must be implemented
• Authentication/Authorization
• Could break your compliance
• Use an out-of-band (OoB) network
• Risk of DoS!
Conclusions
• Don’t buy just “a box”
• RTFM
• Control
• It’s up to you!
ThankYou!
Questions?
No? Beers!
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Unity Makes Strength SOURCE Dublin 2013

20. Backdoors...
• CLI
• WebAPI (JSON, XML)
• Databases
• Scripting languages
• Serial console

21. Protocols
• HTTP(S)
• TFTP
• SSH
• SNMP
• IF-MAP
• Proprietary tools (dbedit)
22. Automation is the Key
• We're all lazy people!
• Expect!

    use strict;
    use warnings;
    use Expect;

    # placeholder credentials for the example; prefer SSH keys over a password kept in a script
    my ($user, $host, $password, $timeout) = ('admin', '10.0.0.1', 'secret', 10);

    my $c = "ssh $user\@$host";     # the '@' must be escaped or Perl interpolates @$host as an array
    my $e = Expect->spawn($c) or die "No SSH?";
    $e->expect($timeout,
        [ qr/password: $/, sub { my $fh = shift; print $fh "$password\n"; } ],
    );
23. A New Architecture
(diagram) Firewall, IDS, Proxy and Malware Analysis each send Logs to the Centralized Logging Solution / SIEM; a Toolbox next to the SIEM pushes an Action back to each of the four devices.

24. Agenda
• Some facts
• Current situation
• Toolbox
• Examples
25. HTTPS
• Generate an API key (this is the Palo Alto PAN-OS XML API format):
    https://10.0.0.1/api/?type=keygen&user=foo&password=bar
• Submit XML requests (here: create an address object "NewHost"):
    https://10.0.0.1/api/?type=config&key=xxx&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='NewHost']&element=<ip-netmask>192.168.0.1</ip-netmask><description>Test</description>
• The xpath and element values must be URL-encoded when sent for real. The keygen call puts an admin password in a URL, so it ends up in web server and proxy logs: run it once, store the key, and give the API account a role restricted to what the integration needs.
26. Snort-Rules Generator
• Lots of security tools accept Snort rules

    use strict;
    use warnings;
    use Snort::Rule;

    my $rule = Snort::Rule->new(
        -action => 'alert',
        -proto  => 'tcp',
        -src    => '10.0.0.1',
        -sport  => 'any',
        -dir    => '->',
        -dst    => 'any',
        -dport  => 'any',
    );
    $rule->opts('msg', 'Detect traffic from 10.0.0.1');
    $rule->opts('sid', '1000001');   # local rules use SIDs >= 1000000 so they never collide with vendor rulesets
    print $rule->string(), "\n";
27. IF-MAP
• Open standard to allow authorized devices to publish/search relevant information
• Information could be
  • IP
  • Login
  • Location (devices)
  • Domain
28. IF-MAP

    use strict;
    use warnings;
    use Ifmap;
    use Ifmap::Util;

    my $r    = Ifmap::Request::NewSession->new();
    my $ip   = Ifmap::Identifier::IpAddress->new(ip_address => '10.0.0.1');
    my $mac  = Ifmap::Identifier::MacAddress->new(mac_address => 'aa:bb:cc:dd:ee:ff');
    my $id   = Ifmap::Identifier::Identity->new(name => 'john', type => 'username');
    my $meta = Ifmap::Metadata::Element->new(name => 'name', value => 'employee');
29. SNMP
• SNMP can be used to push configuration changes
• Example: router 10.0.0.1 will pull the access-list "acl.tmp" from TFTP server 10.0.0.2

    $ snmpset -v1 -c Pr1v4t3 10.0.0.1 .1.3.6.1.4.1.9.2.1.53.10.0.0.2 s acl.tmp

• The OID is Cisco's hostConfigSet (OLD-CISCO-SYS-MIB), indexed by the TFTP server address; the string value is the file to load. This needs the read-write community, which is exactly the credential you must protect: restrict it with an ACL, and prefer SNMPv3 with authentication and privacy over v1/v2c.
30. TCL
• Cisco devices have a framework called EEM: "Embedded Event Manager"
• Example: the router may communicate information based on its status

    event manager applet Interface_Event
     event syslog pattern ".*UPDOWN.*FastEthernet0/1.* changed state to .*"
     action 1.0 cli command "enable"
     action 1.1 cli command "tclsh flash:notify.tcl"
31. Puppet
• Configuration Management Software
• Deploy security patches
• Manage SSH keys
• Modify thousands of servers in one shot
"DevOps to the rescue"

32. The Conductor
• OSSEC
• Log Management
• Active-Response
• Powerful alerts engine
33. Action? Reaction!
• Example of OSSEC rule (custom rules use IDs 100000-119999; a frequency/timeframe rule is a composite rule, so it must refer to a base rule with if_matched_sid)

    <rule id="100100" level="3">
      <match>access denied</match>
      <description>Access denied</description>
      <group>invalid_login,</group>
    </rule>

    <rule id="100101" level="5" frequency="5" timeframe="60">
      <if_matched_sid>100100</if_matched_sid>
      <same_user />
      <description>Repeated access denied for the same user</description>
      <group>invalid_login,</group>
    </rule>

    <active-response>
      <command>ad-block-user</command>
      <location>local</location>
      <rules_id>100101</rules_id>
    </active-response>

• ad-block-user must also be declared in a <command> block (with <expect>user</expect>) pointing at the script in active-response/bin.
34. Agenda
• Some facts
• Current situation
• Toolbox
• Examples

35. $ cat disclaimer2.txt
<warning>
Some slides contain examples based on open source as well as v€ndor$ solutions. I'm not affiliated with any of them!
</warning>
36. Online Resources
• DNS-BH
    $ wget -N http://dns-bh.sagadc.org/domains.txt
  (fetched over plain HTTP with no integrity check: whatever is in that file will end up in your blocking pipeline, so validate it before use)
• Google SafeBrowsing

    use strict;
    use warnings;
    use Net::Google::SafeBrowsing2;
    use Net::Google::SafeBrowsing2::Sqlite;

    my $gsb = Net::Google::SafeBrowsing2->new(
        key     => "xxx",
        storage => Net::Google::SafeBrowsing2::Sqlite->new(file => "google.db"),
    );
    $gsb->update();
    my $match = $gsb->lookup(url => "http://evil.com");
    if ($match eq MALWARE) { ... }
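Turning an online list into something a sensor can enforce, as an added example (shell, not code from the slides): it converts a DNS-BH-style domains file into Snort DNS query rules, in the spirit of the Snort rule generator of slide 26. The domains are constructed; the file format (one domain per line, '#' comments, possibly CRLF) and the $HOME_NET variable are assumptions.

```shell
#!/bin/sh
# Added example: DNS-BH domain list -> Snort rules matching DNS queries for those domains.

# Constructed sample in the assumed DNS-BH format (not the real list).
SAMPLE_DOMAINS='# constructed sample of the domains.txt format
evil.example
malware-dl.example.net
# comment line
Phish.Example.org
'

# dns_wire_content: "evil.example" -> "|04|evil|07|example|00|", i.e. the name as it
# appears on the wire (length-prefixed labels, zero terminator). A query for any
# subdomain of evil.example ends with the same bytes, so the rule covers it too.
dns_wire_content() {
    printf '%s' "$1" | awk -F. '{
        out = "";
        for (i = 1; i <= NF; i++) out = out sprintf("|%02X|%s", length($i), $i);
        printf "%s|00|", out;
    }'
}

# snort_rule_for_domain: $1 = domain, $2 = SID; prints one rule on stdout.
snort_rule_for_domain() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    content=$(dns_wire_content "$domain")
    printf 'alert udp $HOME_NET any -> any 53 (msg:"DNS-BH query for %s"; content:"%s"; nocase; sid:%s; rev:1;)\n' \
        "$domain" "$content" "$2"
}

# generate_rules: $1 = domains file, $2 = first SID. Local rules must use SIDs >= 1000000.
# Comments, blank lines and CR characters from the download are dropped first.
generate_rules() {
    sid=$2
    tr -d '\r' < "$1" | grep -Ev '^[[:space:]]*(#|$)' | while read -r d; do
        snort_rule_for_domain "$d" "$sid"
        sid=$((sid + 1))
    done
}

# Stand-alone run: write the sample to a temp file and print the rules.
tmp=$(mktemp)
printf '%s' "$SAMPLE_DOMAINS" > "$tmp"
generate_rules "$tmp" 1000001
rm -f "$tmp"
```

The output is a plain local.rules fragment; regenerate it from each fresh download and reload the sensor rather than appending, so removed domains stop being matched.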
37. Dynamic Firewall Config
• FireEye malware analysis box
• Firewalls
  • Checkpoint
  • PaloAlto
  • IPtables
  • <insert your preferred fw $VENDOR here>
• OSSEC

38. Dynamic Firewall Config
(diagram) FireEye → OSSEC → PaloAlto / Checkpoint / IPtables
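The IPtables branch of the diagram above, written out as an added example (shell; not code from the slides or from the OSSEC project): an OSSEC active-response script that blocks the source address of an alert and unblocks it again when OSSEC calls back with "delete" after the configured timeout. It applies the controls of slide 45: the address is validated before it touches a command line, an allowlist keeps the integration from cutting off the management hosts or the SIEM itself (the DoS risk), every change is logged, and nothing is executed unless DRY_RUN=0. The allowlist contents are constructed for the example.

```shell
#!/bin/sh
# Added example: OSSEC active-response script for iptables.
# OSSEC invokes it as: <script> <action> <user> <srcip> [alert-id] [rule-id]
# with <action> = add (block) or delete (unblock after <timeout>).

# Constructed allowlist: addresses that must never be blocked by automation.
ALLOWLIST="10.0.0.1 10.0.0.2 127.0.0.1"
DRY_RUN=${DRY_RUN:-1}   # set DRY_RUN=0 to really change the firewall

# is_valid_ipv4: four dotted decimal octets, each 0-255. Hostnames, IPv6, shell
# metacharacters or embedded newlines coming from a log line are all rejected.
is_valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

is_allowlisted() {
    for a in $ALLOWLIST; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# iptables_cmd: $1 = add|delete, $2 = validated IP; prints the command that would run.
iptables_cmd() {
    case $1 in
        add)    printf 'iptables -I INPUT -s %s -j DROP' "$2" ;;
        delete) printf 'iptables -D INPUT -s %s -j DROP' "$2" ;;
        *)      return 1 ;;
    esac
}

# respond: takes the OSSEC argument list; returns 0 on success, 2-4 on refusal.
respond() {
    action=$1 ip=$3
    is_valid_ipv4 "$ip"  || { echo "refusing: '$ip' is not an IPv4 address" >&2; return 2; }
    is_allowlisted "$ip" && { echo "refusing: $ip is allowlisted" >&2; return 3; }
    cmd=$(iptables_cmd "$action" "$ip") || { echo "refusing: unknown action '$action'" >&2; return 4; }
    if [ "$DRY_RUN" = 1 ]; then
        echo "DRY_RUN: $cmd"
    else
        logger -t ossec-active-response "$cmd"   # audit trail of every automated change
        $cmd
    fi
}

if [ $# -ge 3 ]; then
    respond "$@"
fi
```

Declare it in ossec.conf as a <command> with <expect>srcip</expect> and give the <active-response> a <timeout>, otherwise a poisoned feed (slide 36) or a spoofed alert leaves permanent holes in the firewall that nobody reviews.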
39. Dynamic User Blacklist
• Syslog Concentrator
• OSSEC
• SSLVPN
• LDAP directory
40. Dynamic User Blacklist
(diagram) sshd, sshd, sshd → OSSEC → LDAP

    $ ldapmodify -x -D 'cn=admin' -w 'pass'
    dn: uid=jdoe,o=acme.org
    changetype: modify
    replace: userPassword
    userPassword: newpass

• Passing the bind password with -w exposes it in ps output and shell history; use -y with a password file readable only by the OSSEC user.
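The same lock-out, scripted as an OSSEC active-response, as an added example (shell; not code from the slides or the OSSEC project). For a user blacklist the value of interest is the second OSSEC argument (the user name from the sshd log), which is attacker-controlled text: it is checked against a conservative character set before it is placed in a DN, so no LDIF line or DN syntax can be smuggled into the modify request, and a few protected accounts can never be locked by automation. The LDAP URI, bind DN, base DN, password file path and protected-user list are assumptions for the example.

```shell
#!/bin/sh
# Added example: OSSEC active-response that locks an LDAP account by replacing
# its password with a random one (the slide 40 approach).
# OSSEC invokes it as: <script> <action> <user> <srcip> [alert-id] [rule-id]

LDAP_URI=${LDAP_URI:-ldap://ldap.acme.org}            # assumed
BIND_DN=${BIND_DN:-cn=admin,o=acme.org}                # assumed
BIND_PW_FILE=${BIND_PW_FILE:-/var/ossec/etc/ldap.pw}   # assumed; keeps the password off the command line
BASE_DN=${BASE_DN:-o=acme.org}                         # assumed
PROTECTED_USERS="root admin ossec"                     # constructed list of accounts never to lock
DRY_RUN=${DRY_RUN:-1}

# is_safe_uid: letters, digits, '.', '_' and '-' only, 1-64 chars, not starting with
# punctuation. Commas, '=', '+', quotes, spaces and newlines are all refused.
is_safe_uid() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*|[._-]*) return 1 ;;
    esac
    [ ${#1} -le 64 ]
}

is_protected() {
    for u in $PROTECTED_USERS; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# random_password: 32 hex characters from the kernel RNG; nobody is meant to know it.
random_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# lock_ldif: $1 = uid, $2 = new password; prints the LDIF fed to ldapmodify.
lock_ldif() {
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: userPassword\nuserPassword: %s\n' \
        "$1" "$BASE_DN" "$2"
}

# lock_user: returns 0 on success, 2 for an unsafe uid, 3 for a protected account.
lock_user() {
    user=$1
    is_safe_uid "$user"  || { echo "refusing: bad uid '$user'" >&2; return 2; }
    is_protected "$user" && { echo "refusing: $user is protected" >&2; return 3; }
    ldif=$(lock_ldif "$user" "$(random_password)")
    if [ "$DRY_RUN" = 1 ]; then
        printf 'DRY_RUN: would send to %s as %s:\n%s\n' "$LDAP_URI" "$BIND_DN" "$ldif"
    else
        logger -t ossec-active-response "locking LDAP account $user"
        printf '%s\n' "$ldif" | ldapmodify -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE"
    fi
}

# "add" locks the account; the "delete" callback is deliberately ignored, because
# restoring access is a decision for a human, not for the timeout.
if [ "$1" = add ] && [ -n "$2" ]; then
    lock_user "$2"
fi
```

Bind with an account whose only right is to write userPassword under the user subtree; the script then cannot do more damage than the worst case it is designed for.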
41. SMTP Malware Analysis
• Postfix MTA
• Cuckoo
• CuckooMX (Perl)

43. MySQL Self-Defense
• MySQL Server
• MySQL Proxy
• lib_mysqludf_log

45. Controls
• Security first!
• Strong controls must be implemented
• Authentication/Authorization
• Could break your compliance
• Use an OoB network
• Risk of DoS!

46. Conclusions
• Don't buy just "a box"
• RTFM
• Control
• It's up to you!