Security Automation - Python - Introduction

•

2 recomendaciones•876 vistas

This document summarizes how security automation can be applied across different areas including security operations, adversary simulation, application security, DevSecOps, and compliance using various tools and Python. Security automation involves integrating tools and automating tasks to improve processes like alert triage, threat intelligence, penetration testing, code analysis, and incident response that would otherwise be done manually. The presenter provides examples of how tasks like phishing email analysis, forensic investigations, vulnerability scanning, and security control checks can be automated using APIs, Python modules for networking and web applications, and other tools to innovate security operations.

Tecnología

P R E S E N T A T I O N B Y P 3 T 3 R P 4 R K 3 R
Introduction
Security Automation
Python

Working as a Security Engineer
Hello!
I Am Santhosh Baswa
You can contact me at Twitter@P3t3rP4rk4r

Automation
Innovative & Improve processes using Multiple Integrations.
Automation is taking action without human intervention.
Scope of Industrialisation.

It is the automatic handling of a task in machine-based
security application that would otherwise be done manually
by a cyber security professional.
Security Automation

Security
Automation
Security Operations
(Blue Team)
Adversary
Simulation & PT
(Red Team)
Application
SecurityDevSecOps
Compliance

SOC Operations
(Blue Team)
Alert Triage & IR
- Integration SIEM - (Log sources)
- Correlation Rules & Central Alert System
- IR - Team Coordination (Timeline Track)
Phishing Triage
- Phishing email Analysis.
- Extraction IPs & URLs & Attachments.
- Integrate & Check those IOCs (F/T)
- Automated Email notifications.
APIs + Digital
Forensic
Investigations
- Automated Remote Forensic Imaging
- Automated Volatility Investigation Report
- Innovative Projects (CTI Integrations etc)
Threat Intelligence
- Integrate Dark Web Intelligence Tools
- Track APT + New Malware IOCs
- Password Dumps & Email Compromise
- Automated Threat Lookups & SIEM

Adversary Simulation (Red Team)
&
Penetration Testing
RT / Pentest Environment
- Automated Phishing Campaigns (PhishFrenzy).
- Covert C2 Channels & Beacon Infra (Cobalt Strike)
- Client Sensitive Data Sync/Secure Backup.
Recon
- OSINT (Web Crawling)
- Campaign Email Generation
- Sensitive Data Collection (Ex:Gitrob)
Scan/Enumeration
- Controlled NMAP Scans (NSE)
- Sub Directories/Domains ReportsExploitation
- Modification of Toolset
- Payload Generation
- AV Bypass payload Test Post Exploitation
- Data Exfiltration Automation
- Slack/Gmail/Twitter/C2

01
02
03
05
04
Bugs/Fixes
- Vulnerable Versions & Packages.
- Security Bug fixes (Bug Bounty)
Testing/Verification
- Automated DAST Program.
Code/Implementation
- Secure Coding Standards.
- Static Code Test Automation
Requirements & Design
- Choose Dependencies / Languages
- Secure Application Design
Training
- Training program for new joiners /
experience developers.
- Test their abilities through Quiz.
Application Security -Automation

Detect & Respond
- Automated Incident Scoring
- Tracking Incidents
Protect
- Security Controls Check (NIST)
- Track process & Procedures
Inventory
- External Asset Inventory
- Automated Risk Level
Categorisation
Recovery
- Syslog Backups
- Downtime
- Crisis management
Compliance -Automation

Python Automation
Sys/NetworkOps (OS Internals/Command Execution/SSH/SMTP/SNMP)
Web modules (OSINT/WebApp Testing/Auth/Injections/Brute force)
Cryptography (Hash/Encrypt/Decrypt)
Network/Digital Forensics (Steganography/PCAP Analysis/Image Acquisition)

You can find me at:
git@P3t3rp4rk3r
Google:”Santhosh Baswa”
Any questions?
Thanks!

Más contenido relacionado

La actualidad más candente

7 palo alto security zones & interfaces concepts

Mostafa El Lathy

Mobil Pentest Eğitim Dökümanı

Ahmet Gürel

DDoS Threats Landscape : Countering Large-scale DDoS attacks

MyNOG

IBM MQ - better application performance

MarkTaylorIBM

Pki Training V1.5

Sylvain Maret

Webinar topic: Tunnel VS VPN on Mikrotik Presenter: Achmad Mardiansyah In this webinar series, We are discussing Tunnel VS VPN on Mikrotik Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback Check our schedule for future events: https://www.glcnetworks.com/schedule/ Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram See you at the next event Recording available on Youtube https://youtu.be/VHMf9pwhOrA

Tunnel vs VPN on Mikrotik

GLC Networks

AAA Implementation

Ahmad El Tawil

Packets never lie: An in-depth overview of 802.11 frames

Aruba, a Hewlett Packard Enterprise company

NETWORK PENETRATION TESTING

Er Vivek Rana

3 aruba arm and cm

Venudhanraj

pfSense Firewall ve Router Eğitimi

BGA Cyber Security

Nmap and metasploitable

Mohammed Akbar Shariff

EMEA Airheads- Switch stacking_ ArubaOS Switch

Aruba, a Hewlett Packard Enterprise company

Nginx Reverse Proxy with Kafka.pptx

wonyong hwang

10 palo alto nat policy concepts

Mostafa El Lathy

12 palo alto app-id concept

Mostafa El Lathy

iOS Application Security

Egor Tolstoy

Pentest with Metasploit

M.Syarifudin, ST, OSCP, OSWP

Cyber Kill Chain.pptx

Vivek Chauhan

TCP/IP Ağlarda Parçalanmış Paketler ve Etkileri

BGA Cyber Security

La actualidad más candente (20)

7 palo alto security zones & interfaces concepts

Mobil Pentest Eğitim Dökümanı

DDoS Threats Landscape : Countering Large-scale DDoS attacks

IBM MQ - better application performance

Pki Training V1.5

Tunnel vs VPN on Mikrotik

AAA Implementation

Packets never lie: An in-depth overview of 802.11 frames

NETWORK PENETRATION TESTING

3 aruba arm and cm

pfSense Firewall ve Router Eğitimi

Nmap and metasploitable

EMEA Airheads- Switch stacking_ ArubaOS Switch

Nginx Reverse Proxy with Kafka.pptx

10 palo alto nat policy concepts

12 palo alto app-id concept

iOS Application Security

Pentest with Metasploit

Cyber Kill Chain.pptx

TCP/IP Ağlarda Parçalanmış Paketler ve Etkileri

Similar a Security Automation - Python - Introduction

Sumo Logic Cert Jam - Security Analytics

Sumo Logic

This talk briefly discusses strategies and methodologies than can be employed when assessing IoT devices. We look at how to develop credible threat scenarios for different IoT device and systems, perform static and dynamic attack surface mapping, perform static firmware analysis, perform static hardware analysis, undertake a dynamic device security analysis, sources of supporting information, supporting capability requirements and establishment, Execution of dynamic device analysis and approaches around network protocol analysis.

Practical Security Assessments of IoT Devices and Systems

Ollie Whitehouse

Get Certified as a Sumo Security Power User! With security threats on the rise, come join our Security and Compliance experts to learn how Sumo Logic’s Threat Intelligence can help you stay on top of your environment by matching IOCs like IP address, domain names, URL, email addresses, MD5 hashes and more, to increase velocity and accuracy of threat detection. Hands on labs help cement the knowledge learned.

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Sumo Logic

This talk will highlight a signature-less method to detect malicious behavior before the delivery of the ransomware payload can infect the machine. The ML-driven detection method is coupled with the automated generation of a Group Policy Object and in this way we demonstrate an automated way to take action and create a policy based on observed IOC’s detected in a zero-day exploit pattern. ( Source : RSA Conference USA 2017)

Automated prevention of ransomware with machine learning and gpos

Priyanka Aash

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs

Rod Soto

Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks. This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.

Slide Griffin - Practical Attacks and Mitigations

EnergySec

technical-information-gathering-slides.pdf

MarceloCunha571649

Over the past decade, usage of online applications is experiencing remarkable growth. One of the main reasons for the success of web application is its “Ease of Access” and availability on internet. The simplicity of the HTTP protocol makes it easy to steal and spoof identity. The business liability associated with protecting online information has increased significantly and this is an issue that must be addressed. According to SANSTop20, 2013 list the number one targeted server side vulnerability are Web Applications. So, this has made detecting and preventing attacks on web applications a top priority for IT companies. In this paper, a rational solution is brought to detect events on web application and provides Security intelligence, log management and extensible reporting by analyzing web server logs.

Big Data Security Analytic Solution using Splunk

IJERA Editor

Axxera Security Solutions

akshayvreddy

The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform. Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security. For more signup(it's free): www.cisoplatform.com

RIoT (Raiding Internet of Things) by Jacob Holcomb

Priyanka Aash

The cyber threat landscape is becoming more dangerous and challenging all the time. Here, you’ll find a practical, expert-crafted resource to help keep your enterprise secure and successful for the long-term. It’s our way to help you get informed -- and stay safe. Protection API -Transforms your existing devices into a complete APT solution -Complements current network security -Enhances perimeter defenses

Application Programming Interface

Seculert

Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

Deborah Schalm

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

DevOps.com

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

DevOps for Enterprise Systems

INTERFACE by apidays 2023 APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization June 28 & 29, 2023 Security Exposure Management in API First World Sandeep Nain, VP Security and Trust at Carta ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...

apidays

ScaleOut your team - Building a technology team for scale in a DevOps culture

AgileSparks

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

APNIC

2022 APIsecure_Method for exploiting IDOR on nodejs+mongodb based backend

APIsecure_ Official

Tematem mojej prezentacji będzie omówienie wybranych zagrożeń bezpieczeństwa, które są wykrywane i obsługwane przez analityków SOC. Zwrócę uwagę na incydenty bezpieczeństwa, które powinny być przedmiotem monitorowania w każdym SOC oraz wskażę przykłady implementacji mechanizmów detekcji wybranych zagrożeń. W drugiej części prezentacji opowiem o stowarzyszeniu (ISC)2 Poland Chapter, a dokładniej czym się zajmujemy i jak można do nas dołączyć. http://isc2chapter-poland.com/

[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst

PROIDEA

Getting Started with Splunk Enterprise

Splunk

Similar a Security Automation - Python - Introduction (20)

Sumo Logic Cert Jam - Security Analytics

Practical Security Assessments of IoT Devices and Systems

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Automated prevention of ransomware with machine learning and gpos

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs

Slide Griffin - Practical Attacks and Mitigations

technical-information-gathering-slides.pdf

Big Data Security Analytic Solution using Splunk

Axxera Security Solutions

RIoT (Raiding Internet of Things) by Jacob Holcomb

Application Programming Interface

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...

ScaleOut your team - Building a technology team for scale in a DevOps culture

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

2022 APIsecure_Method for exploiting IDOR on nodejs+mongodb based backend

[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst

Getting Started with Splunk Enterprise

Último

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

Histor y of HAM Radio presentation slide

vu2urc

Security Automation - Python - Introduction

1. P R E S E N T A T I O N B Y P 3 T 3 R P 4 R K 3 R Introduction Security Automation Python

2. Working as a Security Engineer Hello! I Am Santhosh Baswa You can contact me at Twitter@P3t3rP4rk4r

3. Think Innovative Automation 1

4. Automation Innovative & Improve processes using Multiple Integrations. Automation is taking action without human intervention. Scope of Industrialisation.

5. It is the automatic handling of a task in machine-based security application that would otherwise be done manually by a cyber security professional. Security Automation

6. Security Automation Security Operations (Blue Team) Adversary Simulation & PT (Red Team) Application SecurityDevSecOps Compliance

7. SOC Operations (Blue Team) Alert Triage & IR - Integration SIEM - (Log sources) - Correlation Rules & Central Alert System - IR - Team Coordination (Timeline Track) Phishing Triage - Phishing email Analysis. - Extraction IPs & URLs & Attachments. - Integrate & Check those IOCs (F/T) - Automated Email notifications. APIs + Digital Forensic Investigations - Automated Remote Forensic Imaging - Automated Volatility Investigation Report - Innovative Projects (CTI Integrations etc) Threat Intelligence - Integrate Dark Web Intelligence Tools - Track APT + New Malware IOCs - Password Dumps & Email Compromise - Automated Threat Lookups & SIEM

8. Adversary Simulation (Red Team) & Penetration Testing RT / Pentest Environment - Automated Phishing Campaigns (PhishFrenzy). - Covert C2 Channels & Beacon Infra (Cobalt Strike) - Client Sensitive Data Sync/Secure Backup. Recon - OSINT (Web Crawling) - Campaign Email Generation - Sensitive Data Collection (Ex:Gitrob) Scan/Enumeration - Controlled NMAP Scans (NSE) - Sub Directories/Domains ReportsExploitation - Modification of Toolset - Payload Generation - AV Bypass payload Test Post Exploitation - Data Exfiltration Automation - Slack/Gmail/Twitter/C2

9. 01 02 03 05 04 Bugs/Fixes - Vulnerable Versions & Packages. - Security Bug fixes (Bug Bounty) Testing/Verification - Automated DAST Program. Code/Implementation - Secure Coding Standards. - Static Code Test Automation Requirements & Design - Choose Dependencies / Languages - Secure Application Design Training - Training program for new joiners / experience developers. - Test their abilities through Quiz. Application Security -Automation

10. DevSecOps Cloud Infrastructure - Security Monitoring (CloudTrail) - Automated Profile based Security Checks Automated Security Tests - Security Functional Tests (Auth checks) - Default Configs (Apache security config checks) Code Analysis - Static Code Analysis (Vulnerable Functions) Runtime Application Security - Fuzzing/Dynamic checks on Validation. - Automated API input checks.

11. Detect & Respond - Automated Incident Scoring - Tracking Incidents Protect - Security Controls Check (NIST) - Track process & Procedures Inventory - External Asset Inventory - Automated Risk Level Categorisation Recovery - Syslog Backups - Downtime - Crisis management Compliance -Automation

12. Python Automation Ideas

13. Python Automation Sys/NetworkOps (OS Internals/Command Execution/SSH/SMTP/SNMP) Web modules (OSINT/WebApp Testing/Auth/Injections/Brute force) Cryptography (Hash/Encrypt/Decrypt) Network/Digital Forensics (Steganography/PCAP Analysis/Image Acquisition)

14. “Practical Session

15. You can find me at: git@P3t3rp4rk3r Google:”Santhosh Baswa” Any questions? Thanks!

Security Automation - Python - Introduction

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Security Automation - Python - Introduction

Similar a Security Automation - Python - Introduction (20)

Último

Último (20)

Security Automation - Python - Introduction