
Security Automation - Python - Introduction

499 views

Published on

Where we can automate stuff in Cyber Security using Python.
- Blue Teams
- Red Teams
- AppSec Teams
- DevSecOps Teams
- Compliance Teams

Published in: Technology


  1. Presentation by P3t3rP4rk3r: Introduction to Security Automation with Python
  2. Hello! I am Santhosh Baswa, working as a Security Engineer. You can contact me on Twitter: @P3t3rP4rk4r
  3. Think Innovative: Automation
  4. Automation: innovate and improve processes using multiple integrations. Automation is taking action without human intervention. Scope of industrialisation.
  5. Security Automation: the automatic handling of a task in a machine-based security application that would otherwise be done manually by a cyber security professional.
  6. Security Automation areas:
     - Security Operations (Blue Team)
     - Adversary Simulation & PT (Red Team)
     - Application Security
     - DevSecOps
     - Compliance
  7. SOC Operations (Blue Team)
     - Alert Triage & IR: SIEM integration (log sources); correlation rules & central alert system; IR team coordination (timeline tracking)
     - Phishing Triage: phishing email analysis; extraction of IPs, URLs & attachments; integrate & check those IOCs (F/T); automated email notifications
     - APIs + Digital Forensic Investigations: automated remote forensic imaging; automated Volatility investigation report; innovative projects (CTI integrations etc.)
     - Threat Intelligence: integrate dark web intelligence tools; track APT + new malware IOCs; password dumps & email compromise; automated threat lookups & SIEM
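The phishing-triage steps listed for the Blue Team (extract IPs, URLs and attachments from the email, check the IOCs, send an automated notification), worked through as an added Python example. This is not code from the talk or its author: the sample message, the local blocklist that stands in for a threat-intelligence lookup, and every function name are constructed here for illustration only.

```python
import email
import hashlib
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample phishing message (not a real capture). Domains and the IP
# come from RFC 2606 / RFC 5737 reserved ranges; the attachment is a few bytes
# resembling an executable header, base64-encoded, purely to exercise hashing.
SAMPLE_EML = b"""\
From: "IT Helpdesk" <helpdesk@example.com>
To: alice@example.org
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at http://login.example.net/reset
or connect directly to 203.0.113.45 if the link does not work.

--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _valid_ipv4(candidate):
    """Reject regex matches such as 999.1.1.1 that are not real addresses."""
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False


def extract_iocs(raw):
    """Parse a raw RFC 5322 message; return sender, URLs, IPs and attachment hashes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls, ips, attachments = set(), set(), []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            attachments.append({
                "filename": part.get_filename(),
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            })
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_content()
            # Strip sentence punctuation that the URL regex would otherwise swallow.
            urls.update(u.rstrip(".,;)") for u in URL_RE.findall(body))
            ips.update(ip for ip in IPV4_RE.findall(body) if _valid_ipv4(ip))
    return {
        "sender": parseaddr(str(msg["from"]))[1],
        "subject": str(msg["subject"]),
        "urls": sorted(urls),
        "ips": sorted(ips),
        "attachments": attachments,
    }


def defang(ioc):
    """Neutralise an indicator so it is not clickable in the notification email."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


def check_iocs(iocs, blocklist):
    """Stand-in for the 'integrate & check' step: a local set replaces a TI API call."""
    candidates = iocs["urls"] + iocs["ips"] + [a["sha256"] for a in iocs["attachments"]]
    return [c for c in candidates if c in blocklist]


def build_notification(iocs, hits):
    """Render the automated notification body with all indicators defanged."""
    lines = [f"Phishing triage result: {iocs['subject']}", f"Sender: {iocs['sender']}"]
    lines += [f"URL: {defang(u)}" for u in iocs["urls"]]
    lines += [f"IP: {defang(ip)}" for ip in iocs["ips"]]
    lines += [f"Attachment: {a['filename']} sha256={a['sha256']}" for a in iocs["attachments"]]
    lines.append(f"Blocklist hits: {len(hits)}")
    return "\n".join(lines)


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_EML)
    # Constructed blocklist: in a real pipeline this would be a TI platform lookup.
    print(build_notification(result, check_iocs(result, {"203.0.113.45"})))
```

The attachment is never written to disk or opened; only its hash and filename enter the report, and every URL and IP is defanged before it goes into the notification, so the triage output itself cannot become a second lure.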
  8. Adversary Simulation (Red Team) & Penetration Testing
     - RT / Pentest Environment: automated phishing campaigns (PhishFrenzy); covert C2 channels & beacon infra (Cobalt Strike); client sensitive data sync/secure backup
     - Recon: OSINT (web crawling); campaign email generation; sensitive data collection (e.g. Gitrob)
     - Scan/Enumeration: controlled NMAP scans (NSE); sub directories/domains
     - Exploitation: modification of toolset; payload generation; AV bypass payload test
     - Post Exploitation: data exfiltration automation; Slack/Gmail/Twitter/C2
     - Reports
  9. Application Security - Automation (01 to 05)
     - Bugs/Fixes: vulnerable versions & packages; security bug fixes (bug bounty)
     - Testing/Verification: automated DAST program
     - Code/Implementation: secure coding standards; static code test automation
     - Requirements & Design: choose dependencies / languages; secure application design
     - Training: training program for new joiners / experienced developers; test their abilities through quizzes
  10. DevSecOps
     - Cloud Infrastructure: security monitoring (CloudTrail); automated profile-based security checks
     - Automated Security Tests: security functional tests (auth checks); default configs (Apache security config checks)
     - Code Analysis: static code analysis (vulnerable functions)
     - Runtime Application Security: fuzzing/dynamic checks on validation; automated API input checks
  11. Compliance - Automation
     - Detect & Respond: automated incident scoring; tracking incidents
     - Protect: security controls check (NIST); track processes & procedures
     - Inventory: external asset inventory; automated risk level categorisation
     - Recovery: syslog backups; downtime; crisis management
  12. Python Automation Ideas
  13. Python Automation
     - Sys/NetworkOps (OS internals / command execution / SSH / SMTP / SNMP)
     - Web modules (OSINT / web app testing / auth / injections / brute force)
     - Cryptography (hash / encrypt / decrypt)
     - Network/Digital Forensics (steganography / PCAP analysis / image acquisition)
  14. “Practical Session”
  15. You can find me at: git@P3t3rp4rk3r, Google: “Santhosh Baswa”. Any questions? Thanks!
