Dominique Karg - Advanced Attack Detection using OpenSource tools
Security B-Sides
1. Advanced Attack Detection, The Open Source Way
:-) Dominique Karg, AlienVault / OSSIM, BSidesSF 2010
2. What this talk is not about
3. The Play (AAA)
Self reminder: don't forget to tell what this is all going to be about.
4. Actors (Presenting the players)
5. ZEUS: Ask your local malware provider.
6. Trojan Emulation/Analysis: AlienVRT, jaime.blasco@alienvault.com
7. NIDS: Snort, http://www.snort.org
8. Host behavior/Anomalies: Spade/Spada, AlienVRT, jaime.blasco@alienvault.com
9. HIDS: OSSEC (Trend...), http://www.ossec.net
10. Windows Policies: Snare, http://www.intersectalliance.org
11. Flows: NFDump/NFSen, heavily modified for OSSIM
12. Traffic Behavior: NTop, http://www.ntop.org
13. Correlation: OSSIM, http://www.alienvault.com
14. Attack (What the user does *not* see)
15. Installation. Description details based on: http://www.noryak.net/papers/zeus.pdf
16. System information gathering (description details based on the same Zeus paper)
17. Credential stealing (description details based on the same Zeus paper)
18. Environment discovery (description details based on the same Zeus paper)
19. Calling home (description details based on the same Zeus paper)
20. Web page injection (description details based on the same Zeus paper)
21. Analysis (What happens behind the scenes)
22. NIDS Events (Unreliable, signature based, false positives)
23. Host Behavior/Anomalies (Misconfigured services cause those)
24. HIDS Events (False positives, less dangerous stuff, signature based)
25. Windows Policies: 592 – Process creation, 593 – Process destruction, 577 – Privileged system calls (Noisy to filter out)
26. Flows (Malware might contact non-RBN hosts)
27. Traffic behavior (Hard to tune, tons of false positives)
28. Correlation (The Key to success)
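The analysis slides above say why each sensor is unreliable on its own (signature noise, misconfigured services, noisy Windows policy events, flows to hosts that are on no blocklist) and the correlation slide calls combining them the key; the attack slides earlier list the Zeus stages (installation, credential stealing, calling home) those sensors would see. The Python sketch below is an added example written for this page, not code from the deck, from OSSIM or from any of the tools named: it pre-filters the Windows policy feed to the process-creation event the deck highlights and raises an alert only when several independent sources agree on one host inside a short window. The source names, field names, sample event feed, 10-minute window and three-source threshold are all assumptions made for the example; only the Windows event IDs 592/593/577 come from the slides.

```python
"""Multi-source correlation in the spirit of the deck's "correlation is the
key" slide. Every sensor here is noisy alone; an alert needs agreement.

All events below are constructed sample data, not output of Snort, OSSEC,
Snare or nfdump; the field names are assumptions chosen for this example.
"""

from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs from the deck's "Windows Policies" slide.
WIN_PROCESS_CREATED = 592
WIN_PROCESS_EXITED = 593
WIN_PRIV_SERVICE_CALLED = 577
# 593 and 577 are treated as noise (assumption); only process creation is kept.
WIN_EVENTS_OF_INTEREST = {WIN_PROCESS_CREATED}

WINDOW = timedelta(minutes=10)   # assumed correlation window
MIN_SOURCES = 3                  # assumed: distinct sensor types that must agree

# Constructed sample feed: (timestamp, source, host, detail).
# Sources mirror the deck's actors: snort (NIDS), ossec (HIDS),
# snare (Windows policy), nfdump (flows).
SAMPLE_EVENTS = [
    ("2010-03-01 09:00:05", "snare",  "ws-17", {"event_id": 593, "image": "iexplore.exe"}),
    ("2010-03-01 09:00:10", "snare",  "ws-17", {"event_id": 592, "image": "dropper.exe"}),
    ("2010-03-01 09:00:12", "ossec",  "ws-17", {"rule": "registry_run_key_added"}),
    # Flow to a documentation-range address that is on no blocklist: the
    # deck's "malware might contact non-RBN hosts" case. Alone it is nothing.
    ("2010-03-01 09:01:30", "nfdump", "ws-17", {"dst": "203.0.113.9", "dport": 80, "bytes": 1540}),
    ("2010-03-01 09:01:31", "snort",  "ws-17", {"sig": "possible trojan checkin"}),
    # A lone NIDS hit on another host: signature noise, must not alert.
    ("2010-03-01 09:02:00", "snort",  "ws-22", {"sig": "possible trojan checkin"}),
    # Same host, but more than an hour later: outside the window.
    ("2010-03-01 10:30:00", "ossec",  "ws-22", {"rule": "registry_run_key_added"}),
]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def keep(source, detail):
    """Per-source pre-filter: from the Snare feed only process creation
    survives; every other source passes through unchanged."""
    if source == "snare":
        return detail.get("event_id") in WIN_EVENTS_OF_INTEREST
    return True


def correlate(events, window=WINDOW, min_sources=MIN_SOURCES):
    """Return {host: sorted source names} for each host on which at least
    `min_sources` distinct sensors fired inside one `window`."""
    by_host = defaultdict(list)
    for ts, source, host, detail in events:
        if keep(source, detail):
            by_host[host].append((parse(ts), source))

    alerts = {}
    for host, evs in by_host.items():
        evs.sort()
        j = 0  # end of the sliding window; never moves backwards
        for i, (start, _) in enumerate(evs):
            while j < len(evs) and evs[j][0] - start <= window:
                j += 1
            sources = {src for _, src in evs[i:j]}
            if len(sources) >= min_sources:
                alerts[host] = sorted(sources)
                break
    return alerts


if __name__ == "__main__":
    for host, sources in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {len(sources)} independent sources agree: {', '.join(sources)}")
```

On the sample feed only ws-17 alerts, with four sources agreeing; the single Snort hit on ws-22 and the later OSSEC event on the same host never share a window, which is exactly the false-positive suppression the deck attributes to correlation. Raising the threshold or tightening the window trades missed detections for fewer false alarms; in a real deployment the window and threshold would be tuned per directive rather than fixed as here.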
29. Conclusion (Obtaining reliable security through brute force)
30. No single Point of Failure
31. Easily add new components
32. Free! Cheap!
34. Try this out
35. Improve it
36. Share it