DEEPSEC 2013: Malware Datamining And Attribution

Michael Boman, IT Security Specialist at Pensionsmyndigheten
Malware Attribution
Theory, Code and Result
Who am I?
• Michael Boman, M.A.R.T. project
• Have been “playing around” with malware analysis “for a while”
• Working for FireEye
• This is a HOBBY project that I use my SPARE TIME to work on
Agenda
• Theory behind Malware Attribution
• Code to conduct Malware Attribution analysis
• Result of analysis
Theory
• Malware Attribution: tracking cyber spies - Greg Hoglund, Blackhat 2010
  http://www.youtube.com/watch?v=k4Ry1trQhDk
What am I trying to do?
Diagram (labels only): a spectrum running from Binary to Human, annotated “Move this way”, with these stages:
• Blacklists
• Net Recon / Command and Control
• Developer Fingerprints
• Tactics, Techniques, Procedures
• Social Cyberspace (DIGINT)
• Physical Surveillance (HUMINT)
A second diagram shows the same stages next to these labels:
• Actions / Intent
• Installation / Deployment
• CNA (spreader) / CNE (search & exfil tool)
• COMS
• Defensive / Anti-forensic
• Exploit
• Shellcode
• DNS, Command and Control Protocol, Encryption
Steps
• Step 0: Gather malware
• Step 1: Extract metadata from binary
• Step 2: Store metadata and binary in MongoDB
• Step 3: Analyze collected data
Step 0: Gather malware
• VirusShare (virusshare.com)
• OpenMalware (www.offensivecomputing.net)
• MalShare (www.malshare.com)
• CleanMX (support.clean-mx.de/clean-mx/viruses)
• Malware Domain List (www.malwaredomainlist.com/mdl.php)
Step 1: Extract metadata from binary
Development Steps
Diagram (labels only): columns Source, Machine and Binary; labels: Core “backbone” sourcecode, Tweaks & Mods, 3rd party sourcecode, Compiler, 3rd party libraries, Runtime libraries, Time, Paths, MAC Address, Malware, Packing.
Step 1: Extract metadata from binary
• Hashes (for sample identification)
  • md5, sha1, sha256, sha512, ssdeep etc.
• File type / Exif / PEiD
  • Compiler / Packer etc.
• PE Headers / Imports / Exports etc.
• Virustotal results
• Tags
Identifying compiler / packer
• PEiD
• Python
  • peutils.SignatureDatabase().match_all()
PE Header information
VirusTotal Results
Tags
• User-supplied tags to identify sample source and behavior
• analyst / analyst-system supplied
Step 2: Store metadata and binary in MongoDB
Components
• Modified VXCage server
  • Stores malware & metadata in MongoDB instead of FS / ORDBMS
  • Collects a lot more metadata than the original
VXCage REST API
• /malware/add
  • Add sample
• /malware/get/<filehash>
  • Download sample. If no local sample, search other repos
• /malware/find
  • Search for sample by md5, sha256, ssdeep, tag, date
• /tags/list
  • List tags
Step 3: Analyze collected data
Identifying development environments
• Compiler / Linker / Libraries
• Strings
• Paths
• PE Translation header
• Compile times
• Number of times a piece of software has been built
Cataloging behaviors
• Packers
• Encryption
• Anti-debugging
• Anti-VM
• Anti-forensics
Result
Have I seen you before?
• Detects similar malware (based on SSDEEP fuzzy hashing)
Different MD5, 100% SSDeep match
SSDEEP Analysis (3007)
SSDEEP Analysis (851)
Challenges
• Party handshake problem:
  • 707k samples analyzed and counting (resulting in over 250 billion compares!)
• Need a better target (pre-)selection
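One possible pre-selection for the pairwise SSDEEP problem above, as an added example (not code from the talk or from VXCage). It relies on two properties of ssdeep: hashes are only comparable when their block sizes are equal or differ by a factor of two, and a non-zero score needs a shared 7-character run. The sample hashes are constructed.

```python
import re
from collections import defaultdict
from itertools import combinations


def pair_count(n):
    """Number of compares when every sample meets every other sample."""
    return n * (n - 1) // 2


def _ngrams(chunk, n=7):
    # ssdeep collapses runs of more than three identical characters
    # before comparing, so do the same before cutting 7-grams.
    chunk = re.sub(r"(.)\1{3,}", r"\1\1\1", chunk)
    return {chunk[i:i + n] for i in range(len(chunk) - n + 1)}


def index_keys(ssdeep_hash):
    """Keys under which one 'blocksize:chunk:double_chunk' hash is indexed."""
    block, chunk, double_chunk = ssdeep_hash.split(":", 2)
    block = int(block)
    keys = {(block, g) for g in _ngrams(chunk)}
    # The second part was computed at twice the block size.
    keys |= {(block * 2, g) for g in _ngrams(double_chunk)}
    return keys


def candidate_pairs(hashes):
    """Return the id pairs that can score above zero.

    hashes: dict mapping sample id -> ssdeep string.
    Only these pairs need to go to the real ssdeep compare.
    """
    buckets = defaultdict(set)
    for sample_id, value in hashes.items():
        for key in index_keys(value):
            buckets[key].add(sample_id)
    pairs = set()
    for ids in buckets.values():
        pairs.update(combinations(sorted(ids), 2))
    return pairs


# Constructed ssdeep-shaped strings, not hashes of real files.
SAMPLES = {
    "a": "96:ABCDEFGHIJKLMNOP:QRSTUVWX",
    "b": "96:ABCDEFGHIJKLxyzP:QRSTUVWz",   # near-duplicate of a
    "c": "192:QRSTUVWXab:mnopqrst",        # matches a and b at block size 192
    "d": "96:zyxwvutsrqponmlk:jihgfedc",   # same block size, nothing shared
    "e": "384:ABCDEFGHIJKLMNOP:QRSTUVWX",  # same text as a, incompatible block size
}

if __name__ == "__main__":
    selected = candidate_pairs(SAMPLES)
    print("all pairs:", pair_count(len(SAMPLES)))
    print("pairs worth comparing:", sorted(selected))
```

Storing the keys from `index_keys` as an indexed array field on each sample document would let the database do this bucketing; that storage layout is an assumption, not something the slides describe.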
What compilers / packers are common?
1. "Borland Delphi 3.0 (???)", 54298
2. "Microsoft Visual C++ v6.0", 33364
3. "Microsoft Visual C++ 8", 28005
4. "Microsoft Visual Basic v5.0 - v6.0", 26573
5. "UPX v0.80 - v0.84", 22353
Are there any unidentified packers?
• How to identify a packer
  • PE Section is empty in binary, is writable and executable
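The heuristic above as a check over the PE section table, as an added example (not code from the talk or from VXCage). It reads the headers with the standard library only; the sample image is a constructed, header-only byte string and its section names are made up for illustration.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

COFF_FMT = "<HHIIIHH"            # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"     # IMAGE_SECTION_HEADER, 40 bytes
SECTION_SIZE = struct.calcsize(SECTION_FMT)


def parse_sections(data):
    """Return the section table of a PE image as a list of dicts."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    if e_lfanew + 4 + struct.calcsize(COFF_FMT) > len(data):
        raise ValueError("truncated COFF header")
    fields = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    section_count, optional_size = fields[1], fields[5]
    table = e_lfanew + 4 + struct.calcsize(COFF_FMT) + optional_size
    sections = []
    for i in range(section_count):
        offset = table + i * SECTION_SIZE
        if offset + SECTION_SIZE > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, raw_size, _ptr, _, _, _, _, flags = \
            struct.unpack_from(SECTION_FMT, data, offset)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "flags": flags,
        })
    return sections


def packer_like_sections(sections):
    """Names of sections that are empty on disk, writable and executable."""
    hits = []
    for sec in sections:
        empty_on_disk = sec["raw_size"] == 0
        writable = bool(sec["flags"] & IMAGE_SCN_MEM_WRITE)
        executable = bool(sec["flags"] & IMAGE_SCN_MEM_EXECUTE)
        if empty_on_disk and writable and executable:
            hits.append(sec["name"])
    return hits


def build_sample():
    """Constructed header-only image: headers and section table, no code."""
    def section(name, vsize, raw_size, flags):
        raw_ptr = 0x400 if raw_size else 0
        return struct.pack(SECTION_FMT, name, vsize, 0x1000,
                           raw_size, raw_ptr, 0, 0, 0, 0, flags)

    table = [
        section(b".text", 0x2000, 0x2000, 0x60000020),  # code, R+X
        section(b"UPX0", 0x8000, 0, 0xE0000080),        # empty, R+W+X
        section(b".bss", 0x1000, 0, 0xC0000080),        # empty, R+W only
        section(b".rwx", 0x1000, 0x200, 0xE0000020),    # R+W+X but has data
    ]
    dos_header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack(COFF_FMT, 0x014C, len(table), 0, 0, 0, 224, 0x0102)
    optional_header = b"\0" * 224                       # contents not parsed
    return dos_header + b"PE\0\0" + coff + optional_header + b"".join(table)


if __name__ == "__main__":
    print(packer_like_sections(parse_sections(build_sample())))
```

Only the section that meets all three conditions is reported; an empty read/write section such as `.bss` is normal and is not flagged.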
How common are anti-debugging techniques?
• 31622 out of 531182 PE binaries use IsDebuggerPresent (6 %)
• Packed executables not counted
Analysis Coverage
Diagram (labels only): columns Source, Machine and Binary; labels: Core “backbone” sourcecode, Tweaks & Mods, 3rd party sourcecode, Compiler, 3rd party libraries, Runtime libraries, Time, Paths, MAC Address, Malware, Packing.
Future
What am I trying to do in the future
Diagram (labels only): the Binary to Human spectrum with the stages Blacklists; Net Recon / Command and Control; Developer Fingerprints; Tactics, Techniques, Procedures; Social Cyberspace (DIGINT); Physical Surveillance (HUMINT).
Expand scope of analysis: +network +memory +os changes +behavior
What am I trying to do in the future
• More automation
• More modular design
• Solve the “Big Data” issue I am getting myself into (Hadoop?)
• More pretty graphs
Thank you
• Michael Boman
• michael@michaelboman.org
• @mboman
• http://blog.michaelboman.org
• Code available at https://github.com/mboman/vxcage