
Security Automation - Python - Introduction


Where we can automate stuff in Cyber Security using Python.
- Blue Teams
- Red Teams
- AppSec Teams
- DevSecOps Teams
- Compliance Teams

Published in: Technology


  1. Introduction to Security Automation with Python. Presentation by P3t3rP4rk3r.
  2. Hello! I am Santhosh Baswa, working as a Security Engineer. You can contact me on Twitter: @P3t3rP4rk4r
  3. Think Innovative Automation
  4. Automation: innovate and improve processes using multiple integrations. Automation is taking action without human intervention. Scope: industrialisation of repetitive security work.
  5. Security Automation: the automatic handling, by a machine-based security application, of a task that would otherwise be done manually by a cyber security professional.
  6. Security Automation areas: Security Operations (Blue Team); Adversary Simulation & PT (Red Team); Application Security; DevSecOps; Compliance.
  7. SOC Operations (Blue Team)
     - Alert Triage & IR: integrate SIEM log sources; correlation rules and a central alert system; IR team coordination (timeline tracking).
     - Phishing Triage: phishing email analysis; extraction of IPs, URLs and attachments; integrate and check those IOCs (F/T); automated email notifications.
     - APIs + Digital Forensic Investigations: automated remote forensic imaging; automated Volatility investigation report; innovative projects (CTI integrations etc.).
     - Threat Intelligence: integrate dark web intelligence tools; track APT and new malware IOCs; password dumps and email compromise; automated threat lookups and SIEM.
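The phishing-triage item on slide 7 (extract IPs, URLs and attachments, then check them as IOCs) is the kind of task Python handles well. The following is an added example, not code from the deck or from the author; the message, the IOC blocklist `KNOWN_BAD`, the risky-extension list and the verdict rules are all constructed for the demo, and a real pipeline would replace the local dict with a threat-intel lookup and feed the verdict into the notification step.

```python
import email
import hashlib
import os
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample phishing message for the demo; not a real email.
# Hosts use documentation ranges (TEST-NET-2/3) and the reserved .test TLD.
RAW_EMAIL = b"""From: "IT Helpdesk" <helpdesk@example.net>
To: victim@example.com
Subject: Password expiry notice
Received: from mail.example.net (mail.example.net [203.0.113.45]) by mx.example.com
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Your password expires today. Reset it at http://198.51.100.23/reset or
https://login.example-portal.test/account now.
--XYZ
Content-Type: application/octet-stream; name="invoice.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="invoice.exe"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAA
--XYZ--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumed local IOC list standing in for a threat-intel feed lookup (constructed).
KNOWN_BAD = {"ips": {"198.51.100.23"}, "sha256": set()}
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".bat"}


def extract_iocs(raw):
    """Parse an RFC 822 message and pull out URLs, IPv4 addresses and attachment hashes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls, ips, attachments = set(), set(), []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if name:
            data = part.get_payload(decode=True) or b""
            attachments.append({
                "name": name,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "is_pe": data[:2] == b"MZ",  # DOS/PE header, whatever the extension says
            })
        elif part.get_content_type() == "text/plain":
            urls.update(URL_RE.findall(part.get_content()))
    # Relay hops from Received headers, plus raw IPs used as URL hosts
    for hdr in msg.get_all("Received", []):
        ips.update(IPV4_RE.findall(str(hdr)))
    for url in urls:
        ips.update(IPV4_RE.findall(url))
    return {"urls": sorted(urls), "ips": sorted(ips), "attachments": attachments}


def triage(iocs, intel=KNOWN_BAD):
    """Score the extracted IOCs: intel hits -> malicious, heuristics only -> suspicious."""
    hits, heuristics = [], []
    for ip in iocs["ips"]:
        if ip in intel["ips"]:
            hits.append(f"known-bad IP {ip}")
    for url in iocs["urls"]:
        host = urlparse(url).hostname or ""
        if IPV4_RE.fullmatch(host):
            heuristics.append(f"URL host is a raw IP: {url}")
    for att in iocs["attachments"]:
        if att["sha256"] in intel["sha256"]:
            hits.append(f"known-bad attachment {att['name']} ({att['sha256']})")
        if os.path.splitext(att["name"])[1].lower() in RISKY_EXT or att["is_pe"]:
            heuristics.append(f"executable attachment {att['name']}")
    verdict = "malicious" if hits else "suspicious" if heuristics else "clean"
    return {"verdict": verdict, "findings": hits + heuristics}


if __name__ == "__main__":
    result = triage(extract_iocs(RAW_EMAIL))
    print(result["verdict"])
    for finding in result["findings"]:
        print(" -", finding)
```

Hashing the decoded attachment bytes (not the base64 text) is what makes the SHA-256 comparable with feed data, and checking the `MZ` magic catches executables renamed to a harmless extension. Relay IPs from `Received` headers are worth extracting but should be weighted separately from IPs that appear in links, since the former are usually legitimate mail servers.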
  8. Adversary Simulation (Red Team) & Penetration Testing
     - RT / Pentest Environment: automated phishing campaigns (PhishFrenzy); covert C2 channels and beacon infrastructure (Cobalt Strike); client sensitive data sync and secure backup.
     - Recon: OSINT (web crawling); campaign email generation; sensitive data collection (e.g. Gitrob).
     - Scan/Enumeration: controlled Nmap scans (NSE); sub-directories and sub-domains.
     - Exploitation: modification of toolset; payload generation; AV bypass payload testing.
     - Post Exploitation: data exfiltration automation (Slack/Gmail/Twitter/C2).
     - Reports.
  9. Application Security - Automation
     - Requirements & Design: choose dependencies and languages; secure application design.
     - Code/Implementation: secure coding standards; static code test automation.
     - Testing/Verification: automated DAST program.
     - Bugs/Fixes: vulnerable versions and packages; security bug fixes (bug bounty).
     - Training: training program for new joiners and experienced developers; test their abilities through a quiz.
  10. DevSecOps
     - Cloud Infrastructure: security monitoring (CloudTrail); automated profile-based security checks.
     - Automated Security Tests: security functional tests (auth checks); default configs (Apache security config checks).
     - Code Analysis: static code analysis (vulnerable functions).
     - Runtime Application Security: fuzzing/dynamic checks on validation; automated API input checks.
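Slide 10 lists "default configs (Apache security config checks)" under automated security tests. As an added example (not from the deck or its author), here is a small audit that parses an httpd.conf fragment and reports weak settings, with a constructed weak config beside its hardened form. The directive list, the `CHECKS` table and the `DEFAULTS` table are assumptions for the demo; the defaults follow Apache's documented behaviour (ServerTokens defaults to Full, TraceEnable to On, ServerSignature to Off), which is why a directive that is simply missing is still judged rather than skipped.

```python
import shlex

# Constructed httpd.conf fragments for the demo; not taken from any real server.
WEAK_CONF = """\
ServerTokens Full
ServerSignature On
TraceEnable On
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
"""

HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
TraceEnable Off
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>
"""

# Apache's built-in defaults for the directives we care about, so a directive that is
# simply absent is judged by what the server will actually do.
DEFAULTS = {"servertokens": ["Full"], "serversignature": ["Off"], "traceenable": ["On"]}

# (directive, predicate over its argument tokens that is True when weak, explanation)
CHECKS = [
    ("ServerTokens", lambda a: bool(a) and a[0].lower() != "prod",
     "leaks server version/modules in the Server header; use Prod"),
    ("ServerSignature", lambda a: bool(a) and a[0].lower() != "off",
     "appends version info to error pages; use Off"),
    ("TraceEnable", lambda a: bool(a) and a[0].lower() == "on",
     "HTTP TRACE enabled (cross-site tracing); use Off"),
    ("Options", lambda a: any(t.lower() in ("indexes", "+indexes") for t in a),
     "directory listing enabled; use -Indexes"),
    ("AllowOverride", lambda a: bool(a) and a[0].lower() == "all",
     ".htaccess can override any directive; use None"),
]


def parse_directives(text):
    """Yield (directive_lower, args, section) for each directive; section is the
    enclosing <Directory> path or None. Comments and blank lines are skipped
    (a '#' inside a quoted argument is not handled by this simple splitter)."""
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("</"):
            section = None
            continue
        if line.startswith("<"):
            tokens = shlex.split(line.strip("<>"))
            if tokens and tokens[0].lower() == "directory":
                section = tokens[1] if len(tokens) > 1 else ""
            continue
        tokens = shlex.split(line)
        yield tokens[0].lower(), tokens[1:], section


def audit(conf_text):
    """Return a list of findings for weak settings, including unsafe defaults for
    directives the config never sets."""
    findings, seen = [], set()
    for name, args, section in parse_directives(conf_text):
        seen.add(name)
        for directive, is_weak, why in CHECKS:
            if name == directive.lower() and is_weak(args):
                where = f" in <Directory {section}>" if section else ""
                findings.append(f"{directive} {' '.join(args)}{where}: {why}")
    for name, default in DEFAULTS.items():
        if name in seen:
            continue
        for directive, is_weak, why in CHECKS:
            if name == directive.lower() and is_weak(default):
                findings.append(f"{directive} not set (default {' '.join(default)}): {why}")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        results = audit(conf)
        print(f"{label}: {len(results)} finding(s)")
        for finding in results:
            print(" -", finding)
```

The check runs on the text of the config, so it belongs in CI next to the repository that ships the file; it does not see directives pulled in by `Include` from other files, which a production version would need to follow.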
  11. Compliance - Automation
     - Inventory: external asset inventory; automated risk level categorisation.
     - Protect: security controls check (NIST); track processes and procedures.
     - Detect & Respond: automated incident scoring; tracking incidents.
     - Recovery: syslog backups; downtime; crisis management.
  12. Python Automation Ideas
  13. Python Automation
     - Sys/NetworkOps: OS internals, command execution, SSH, SMTP, SNMP.
     - Web modules: OSINT, web app testing, auth, injections, brute force.
     - Cryptography: hash, encrypt, decrypt.
     - Network/Digital Forensics: steganography, PCAP analysis, image acquisition.
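Slide 13 names PCAP analysis as a forensics automation idea. The following is an added example, not from the deck or its author, showing what that looks like in plain Python with no third-party dependency: a classic pcap reader that decodes Ethernet/IPv4/TCP headers, plus a flow summary that flags outbound connections to ports outside an allow-list. The capture is constructed inside the block (the `build_frame`/`build_pcap` helpers exist only to produce sample data), and the port allow-list in `flag_flows` is an assumed policy, not a recommendation.

```python
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, microsecond timestamps, little-endian writer
PCAP_MAGIC_BE = 0xD4C3B2A1  # same format seen when the file was written big-endian
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct an Ethernet/IPv4/TCP frame for the demo (checksums left zero)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (global header + records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def decode_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP; returns None for anything else."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", frame, 16)[0]
    proto = frame[23]
    pkt = {
        "src": socket.inet_ntoa(frame[26:30]),
        "dst": socket.inet_ntoa(frame[30:34]),
        "proto": proto, "sport": None, "dport": None, "payload": b"",
    }
    l4 = frame[14 + ihl:14 + total_len]   # trim Ethernet padding using the IP length
    if proto == 6 and len(l4) >= 20:
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]   # TCP data offset is in 32-bit words
    elif proto == 17 and len(l4) >= 8:
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
        pkt["payload"] = l4[8:]
    return pkt


def parse_pcap(data):
    """Walk a classic pcap byte string and return decoded IPv4 packets with timestamps."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC_LE:
        order = "<"
    elif magic == PCAP_MAGIC_BE:
        order = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(order + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are supported")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, off)
        off += 16
        pkt = decode_frame(data[off:off + incl_len])
        off += incl_len
        if pkt:
            pkt["ts"] = ts_sec + ts_usec / 1e6
            packets.append(pkt)
    return packets


def flag_flows(packets, allowed_ports=frozenset({53, 80, 443})):
    """Sum payload bytes per (src, dst, dport) for TCP packets whose destination port is
    outside the allow-list (an assumed policy standing in for a real egress baseline)."""
    flows = {}
    for p in packets:
        if p["proto"] == 6 and p["dport"] not in allowed_ports:
            key = (p["src"], p["dst"], p["dport"])
            flows[key] = flows.get(key, 0) + len(p["payload"])
    return flows


# Constructed capture: one TLS-looking packet to 443 and a reverse-shell-looking exchange on 4444.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "203.0.113.7", 51000, 443, b"\x16\x03\x01\x00\x05"),
    build_frame("10.0.0.5", "198.51.100.9", 51001, 4444, b"id\n"),
    build_frame("198.51.100.9", "10.0.0.5", 4444, 51001, b"uid=0(root)\n"),
])

if __name__ == "__main__":
    for key, nbytes in flag_flows(parse_pcap(SAMPLE_PCAP)).items():
        print(f"{key[0]} -> {key[1]}:{key[2]} {nbytes} payload bytes")
```

Reading the magic number first matters: captures from a big-endian host store every record header the other way round, and a parser that assumes one byte order will report absurd packet lengths. For real-world files you would add IPv6, VLAN tags and pcapng, or hand the parsing to scapy or dpkt and keep only the flow logic.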
  14. Practical Session
  15. You can find me at: git@P3t3rp4rk3r, Google: "Santhosh Baswa". Any questions? Thanks!
