Sooty is a tool that aims to automate parts of a SOC analyst's workflow to allow them to spend more time on deeper analysis. Peepdf is a Python tool to explore PDF files and detect any potentially harmful elements. PyREBox is a Python scriptable reverse engineering sandbox based on QEMU to aid reverse engineering through dynamic analysis and debugging. Fail2Ban scans log files to detect and ban malicious IPs showing signs like too many password failures or exploits.
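As an added example (not code from Fail2Ban or from any of the projects listed above), the Python below sketches the detection logic Fail2Ban's sshd jail applies: count `Failed password` events per source IP inside a sliding findtime window and, once maxretry is reached, record a ban that lasts bantime. The log lines are constructed, the hostname and the RFC 5737 source addresses are placeholders, and the year is an assumption because classic syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the page or any real host). The source
# IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Jun 12 10:00:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 12 10:00:03 host sshd[2102]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jun 12 10:00:04 host sshd[2103]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jun 12 10:00:06 host sshd[2104]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Jun 12 10:00:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jun 12 10:00:10 host sshd[2106]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jun 12 10:00:15 host sshd[2107]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Jun 12 10:30:00 host sshd[2108]: Failed password for bob from 198.51.100.7 port 40004 ssh2
"""

# Matches the OpenSSH "Failed password" line. "invalid user" is optional
# because OpenSSH inserts it only when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2}) "
    r"\S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_failed_login(line, year=2024):
    """Return (timestamp, user, source_ip) for a failed-password line, else None.

    The year is an assumption: classic syslog timestamps do not carry one.
    """
    m = FAILED_RE.match(line)
    if m is None:
        return None
    stamp = f"{year} {m['mon']} {int(m['day']):02d} {m['time']}"
    return datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m["user"], m["ip"]


def detect_bruteforce(log_text, maxretry=5, findtime=timedelta(minutes=10),
                      bantime=timedelta(hours=1), year=2024):
    """Return [(ip, ban_start, ban_end), ...] in the order bans were imposed.

    A ban is imposed when an IP accumulates `maxretry` failures inside any
    `findtime` window. While an IP is banned its further failures are ignored
    (in production the firewall drop means they never reach sshd). When the
    ban expires the counter starts fresh, as Fail2Ban's does.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> datetime the ban expires
    bans = []
    for line in log_text.splitlines():
        parsed = parse_failed_login(line, year)
        if parsed is None:
            continue                # not a failed-password event
        ts, _user, ip = parsed
        if ip in banned_until:
            if ts < banned_until[ip]:
                continue            # still banned; nothing to count
            del banned_until[ip]    # ban expired, start counting again
            failures[ip].clear()
        window = failures[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()        # drop failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, start, end in detect_bruteforce(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

On the constructed lines this bans 203.0.113.5 at 10:00:10 (five failures in nine seconds) and leaves 198.51.100.7 alone, because its two failures never fall inside one ten-minute window. The counter reset on expiry is what lets an attacker who waits out bantime simply return; a long or incrementally growing bantime is the usual answer.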
7 Steps to Build a SOC with Limited Resources (LogRhythm)
Most organizations don't have the resources to staff a 24x7 security operations center (SOC). This results in events that aren't monitored around the clock, major delays in detecting and responding to incidents, and the inability for the team to proactively hunt for threats. It's a dangerous situation.
But there is a solution. By using the Threat Lifecycle Management framework to combine people, process, and technology to automate manual tasks, your team can rapidly detect and respond to threats—without adding resources. Read on to learn 7 steps to building your SOC, even when your resources are limited.
Threat Hunting - Moving from the ad hoc to the formal (Priyanka Aash)
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
A talk on the Next-Gen Security Operation Center for IDNIC+APJII, given as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in people, in both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology: as in Industry 4.0, machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan, and that is what this talk was about.
Knowledge for the masses: Storytelling with ATT&CK (MITRE ATT&CK)
From ATT&CKcon 3.0
By Ismael Valenzuela and Jose Luis Sanchez Martinez, Trellix
The Trellix team believes that creating and sharing compelling stories about cyber threats, told with ATT&CK, is a powerful way to raise awareness and enable action against those threats.
In this talk the team shares their experiences using ATT&CK to disseminate threat knowledge to different audiences (software development teams, managers, threat detection engineers, threat hunters, cyber threat analysts, support engineers, upper management, etc.).
They will show concrete examples and representations created with ATT&CK to describe the threats at different levels, including: 1) an Attack Path graph that shows the overall flow of the attack; 2) Tactic-specific TTP summary tables and graphs; 3) very detailed, step-by-step description of the attacker's behaviors.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
Requirements
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operations center" is often used synonymously with SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management and availability rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
Security operations center (Persian: مرکز عملیات امنیت)
Security operations center: 5 security controls (AlienVault)
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Security Operations Center (SOC) Essentials for the SME (AlienVault)
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering:
*Developments in the threat landscape driving a shift from preventative to detective controls
*Essential security controls needed to defend against modern threats
*Fundamentals for evaluating a security approach that will work for you, not against you
*How a unified approach to security visibility can help you get from install to insight more quickly
Introduction to Risk Management via the NIST Cyber Security Framework (PECB)
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
According to Cisco's 2018 Cybersecurity Automation Study, organizations overwhelmingly favor specialized tools to get the most robust capabilities across their environment. The more disparate technology a SOC uses, the greater the need for a security orchestration and automation platform to tie everything together.
Visit - https://www.siemplify.co/
These are slides from a local security chapter meetup, where I tried to explain the challenges in appsec and a complete framework for the different phases of the secure software development life cycle.
Extended Detection and Response (XDR): An Overhyped Product Category With Ulti... (Raffael Marty)
Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
Even if you have all the data and feeds, data alone isn't intelligence.
SOC presentation - Building a Security Operations Center (Michael Nickle)
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
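As an added example that is not from the presentation above or from any SIEM product, the Python below shows the two things a SIM/SIEM does to unify a SOC's information stream: normalize events from heterogeneous sources into one schema, and run a correlation rule across them. The sources here are a key=value IDS alert log and a JSON application auth log, both constructed; the rule flags a successful login from a source IP that an IDS alert named within the preceding 15 minutes. The formats, field names, window and rule are illustrative assumptions.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed IDS alerts in a key=value syslog style (not from any real sensor).
IDS_LOG = """\
2024-06-12T09:58:00Z ids: alert sig="ET SCAN SSH BruteForce" src=203.0.113.5 dst=10.0.0.12 severity=high
2024-06-12T09:59:30Z ids: alert sig="ET POLICY Tor Exit Node" src=192.0.2.44 dst=10.0.0.20 severity=medium
"""

# Constructed application auth events, one JSON object per line.
AUTH_LOG = """\
{"time": "2024-06-12T10:05:12Z", "event": "login", "result": "success", "user": "svc_backup", "client_ip": "203.0.113.5"}
{"time": "2024-06-12T10:06:00Z", "event": "login", "result": "success", "user": "alice", "client_ip": "198.51.100.7"}
{"time": "2024-06-12T10:40:00Z", "event": "login", "result": "success", "user": "bob", "client_ip": "192.0.2.44"}
"""

IDS_RE = re.compile(
    r'^(?P<ts>\S+) ids: alert sig="(?P<sig>[^"]+)" src=(?P<src>\S+) '
    r'dst=(?P<dst>\S+) severity=(?P<sev>\w+)$'
)


def parse_ts(text):
    """Both constructed sources use UTC ISO-8601 with a trailing Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def normalize_ids(text):
    """Map IDS alert lines onto the common event schema."""
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if m is None:
            continue                      # unparseable line: skip, do not guess
        events.append({
            "ts": parse_ts(m["ts"]), "source": "ids", "src_ip": m["src"],
            "user": None, "action": "ids_alert",
            "detail": f'{m["sig"]} (severity {m["sev"]})',
        })
    return events


def normalize_auth(text):
    """Map JSON auth records onto the same schema as the IDS events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event") != "login":
            continue
        events.append({
            "ts": parse_ts(rec["time"]), "source": "auth", "src_ip": rec["client_ip"],
            "user": rec["user"], "action": "login_" + rec["result"],
            "detail": "application login",
        })
    return events


def correlate(events, window_minutes=15):
    """Rule: a successful login from a source IP that an IDS alert named within
    the preceding window. Events are processed in time order, so each login
    only needs to look back at the most recent alert for its source IP."""
    window = timedelta(minutes=window_minutes)
    recent_alerts = {}                    # src_ip -> most recent IDS alert event
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "ids_alert":
            recent_alerts[ev["src_ip"]] = ev
        elif ev["action"] == "login_success":
            alert = recent_alerts.get(ev["src_ip"])
            if alert is not None and ev["ts"] - alert["ts"] <= window:
                findings.append({
                    "src_ip": ev["src_ip"], "user": ev["user"],
                    "alert": alert["detail"], "alert_ts": alert["ts"],
                    "login_ts": ev["ts"],
                })
    return findings


def run():
    """Normalize both constructed sources and apply the correlation rule."""
    return correlate(normalize_ids(IDS_LOG) + normalize_auth(AUTH_LOG))


if __name__ == "__main__":
    for f in run():
        print(f'{f["login_ts"]:%H:%M:%S} {f["user"]} from {f["src_ip"]} after "{f["alert"]}"')
```

On the constructed input only `svc_backup` logging in from 203.0.113.5 is flagged: the alert for that address came seven minutes earlier. The Tor-exit alert for 192.0.2.44 is 40 minutes before bob's login, so at the 15-minute window it stays silent; widening the window to an hour produces both findings, which is the tuning trade-off every correlation rule carries.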
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US... (Mobodexter)
Black Hat USA 2015 recently concluded, and we heard plenty of news about how it brought to light security vulnerabilities in day-to-day life, such as in the ZigBee protocol, a device for stealing keyless cars, and ATM card skimmers. However, the presenters, who are also ethical hackers, also released a number of tools to help the software community detect and prevent security holes in hardware and software before a product is released. We have reviewed all the presentations from the conference and give you here a list of the top 10 tools/utilities that help in security vulnerability detection and prevention.
Pro Tips for Power Users - Palo Alto Networks Live Community and Fuel User Gr... (PaloAltoNetworks)
Palo Alto Networks Live Community Senior Engineers Tom and Joe present best security practices at the Fuel Spark event in London. For more details, please visit: https://live.paloaltonetworks.com/t5/Community-Blog/Live-Community-team-at-Spark-User-Summit-London/ba-p/153182
All organizations want to go faster and decrease friction in delivering software. The problem is that InfoSec has historically slowed this down or worse. But, with the rise of CD pipelines and new devsecops tooling, there is an opportunity to reverse this trend and move Security from being a blocker to being an enabler.
This talk will discuss hallmarks of doing security in a software delivery pipeline with an emphasis on being pragmatic. At each phase of the delivery pipeline, you will be armed with philosophy, questions, and tools that will get security up-to-speed with your software delivery cadence.
From DeliveryConf 2020
This example laden talk will show how common tools available in today's enterprise environments can be harnessed to enhance and transform an appsec program. This talk will have example attacks and simple config changes that could make all the difference. Devs, infrastructure sec, ciso, come one come all.
Security Onion includes best-of-breed free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others. We created and maintain Security
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session (Infocyte)
Join Infocyte co-founder and Chief Product Officer, Chris Gerritz, for a two-hour digital forensics and incident response (DFIR) training session.
During this presentation, Chris shows participants how to set up Infocyte's managed detection and response (MDR) platform and how to leverage Infocyte to detect, investigate, isolate, and eliminate sophisticated cyber threats. Additionally, Infocyte helps enterprise cyber security teams eliminate hidden IT risks, improve security hygiene, maintain compliance, and streamline security operations—including improving the capabilities of existing endpoint security tools.
Using Infocyte's new extensions, participants are encouraged to create their own custom collection (detection and analysis) and action (incident response) extensions.
Everything you really need to know about IDS (Intrusion Detection Systems) combined with honeypots: deployment and usage techniques used in the past and today; how to set up and deploy onto any network, including the cloud; reasons why this should be used in all networks; and how to bring big data down to small data that is easy to understand and monitor.
It's all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data over timespans of months without being noticed. What are these companies paying their SOC teams millions of dollars for? How come all the money goes to devices to prevent breaches and little to none to detecting them when they occur? Don't people know there are only two types of companies, "those that have been hacked, and those that don't know they have been hacked"? What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you'll learn how you and your clients can benefit by applying my exclusive techniques, which I've successfully deployed. So the next time you get hacked, the hacker would not be able to steal all those credit cards and photos of that Halloween party.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. Sooty
• Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as many of the routine checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Details for many of Sooty's features can be found below.
• https://github.com/TheresAFewConors/Sooty
3. Peepdf
• peepdf is a Python tool to explore PDF files in order to find out whether the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to complete all the tasks. With peepdf it is possible to see all the objects in the document, with suspicious elements highlighted; it supports the most commonly used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides JavaScript and shellcode analysis wrappers too. Apart from this, it is able to create new PDF files, modify existing ones and obfuscate them.
• https://eternal-todo.com/tools/peepdf-pdf-analysis-tool
4. PyREBox
• PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows you to inspect a running QEMU VM, modify its memory or registers, and instrument its execution by writing simple Python scripts to automate any kind of analysis. It also offers a shell based on IPython that exposes a rich set of commands, as well as a Python API.
• https://talosintelligence.com/pyrebox
5. Fail2Ban
• Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs -- too many password failures, probing for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
• Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect them.
• https://www.fail2ban.org/wiki/index.php/Main_Page
6. OSSEC
• OSSEC is a full platform to monitor and control your systems. It brings together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.
• https://github.com/ossec/ossec-hids
• https://www.ossec.net/
8. Process Hacker
• Process Hacker is a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
• https://processhacker.sourceforge.io/downloads.php
9. Splunk
• Splunk's software helps capture, index and correlate real-time data in a searchable repository, from which it can generate graphs, reports, alerts, dashboards and visualizations. Splunk uses machine data for identifying data patterns, providing metrics, diagnosing problems and providing intelligence for business operations. Splunk is a horizontal technology used for application management, security and compliance, as well as business and web analytics.
• https://www.splunk.com/
10. Wazuh
• Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
• https://wazuh.com/
11. TheHive
• A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
• https://thehive-project.org/
12. Security Onion
• Our products include both the Security Onion software and specialized hardware appliances that are built and tested to run Security Onion. Our appliances will save you and your team time and resources, allowing you to focus on keeping your organization secure.
• https://securityonionsolutions.com/
13. Caine
• CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.
• https://www.caine-live.net/
14. CALDERA
What does CALDERA do?
• CALDERA helps cybersecurity professionals reduce the amount of time and resources needed for routine cybersecurity testing.
• CALDERA empowers cyber teams in three main ways:
Autonomous Adversary Emulation
• With CALDERA, your cyber team can build a specific threat (adversary) profile and launch it in a network to see where you may be susceptible. This helps with testing defenses and training blue teams on how to detect specific threats.
Autonomous Incident Response
• Enables your team to perform automated incident response on a given host, allowing them to find new ways to identify and respond to threats.
Manual Red-Team Engagements
• Helps your red team perform manual assessments with computer assistance by augmenting existing offensive toolsets. The framework can be extended with any custom tools you may have.
• https://caldera.mitre.org/
16. Metta
Metta is an information security preparedness tool.
This project uses Redis/Celery, Python, and Vagrant with VirtualBox to do adversarial simulation. This allows you to test (mostly) your host-based instrumentation but may also allow you to test any network-based detection and controls depending on how you set up your Vagrant boxes.
The project parses YAML files with actions and uses Celery to queue these actions up and run them one at a time without interaction.
https://github.com/uber-common/metta
17. OSSIM
• AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: a SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.
• https://cybersecurity.att.com/products/ossim
18. Prelude
• Prelude is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".
• As well as being capable of collecting any type of log (system logs, syslog, flat files, etc.), Prelude benefits from native support for a number of systems dedicated to enriching information even further (snort, samhain, ossec, auditd, etc.).
• https://www.prelude-siem.org/
19. Nagios
• Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure. Hundreds of third-party addons provide for monitoring of virtually all in-house and external applications, services, and systems.
• https://www.nagios.org/
21. Icinga
• Find answers, take actions and become a problem-solver. Be flexible and take your own ways. Stay curious, stay passionate, stay in the loop. Tackle your monitoring challenge.
• https://icinga.com/
22. HELK
• The Hunting ELK, or simply the HELK, is one of the first open source hunt platforms with advanced analytics capabilities such as a SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack. This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.
• https://github.com/Cyb3rWard0g/HELK
23. CimSweep
• CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaissance without the need to drop any payload to disk. Windows Management Instrumentation has been installed, with its respective service running, by default since Windows XP and Windows 2000, and it is fully supported in the latest versions of Windows including Windows 10, Nano Server, and Server 2016.
• https://github.com/PowerShellMafia/CimSweep
24. PowerForensics
• The purpose of PowerForensics is to provide an all-inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support.
• https://github.com/Invoke-IR/PowerForensics
25. RedLine
• Redline®, FireEye's premier free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.
With Redline, you can:
• Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.
• Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline's Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.
• Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
• Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.
• https://www.fireeye.com/services/freeware/redline.html
26. Yara
• YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determines its logic.
• https://github.com/VirusTotal/yara
27. Forager
• Do you ever wonder if there is an easier way to retrieve, store, and maintain all your threat intelligence data? Random user, meet Forager. Not all threat intel implementations require a database that is "correlating trillions of data points.."; instead, you may just need a simple interface, with simple TXT files, that can pull threat data from other feeds, PDF threat reports, or other data sources, with minimal effort. With 15 pre-configured threat feeds, you can get started with threat intelligence feed management today.
• https://github.com/opensourcesec/Forager
28. Threat Bus
• Connect Open-Source Security Tools: Threat Bus is a pub-sub broker for threat intelligence data. With Threat Bus you can seamlessly integrate threat intel platforms like OpenCTI or MISP with detection tools and databases like Zeek or VAST.
• Native STIX-2: Threat Bus transports indicators and sightings encoded as per the STIX-2 open format specification.
• Plugin-based Architecture: The project is plugin-based and can be extended easily. Read about the different plugin types and how to write your own. We welcome contributions to adopt new open source tools!
• Official Plugins: We maintain many plugins right in the official Threat Bus repository. Check out our integrations for MISP, Zeek, CIFv3, and generally apps that connect via ZeroMQ, like vast-threatbus and our OpenCTI connector.
• Snapshotting: The snapshot feature allows subscribers to directly request threat intelligence data for a certain time range from other applications. Threat Bus handles the point-to-point communication of all involved apps.
• https://github.com/tenzir/threatbus
29. ThreatIngestor
• ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.
• https://github.com/InQuest/ThreatIngestor
30. MISP
• User guide for MISP - The Open Source Threat Intelligence Sharing Platform. This user guide is intended for ICT professionals such as security analysts, security incident handlers, or malware reverse engineers who share threat intelligence using MISP or integrate MISP into other security monitoring tools. The user guide covers day-to-day usage of MISP's graphical user interface along with its automated interfaces (API), in order to integrate MISP within a security environment and operate one or more MISP instances.
• https://github.com/MISP/misp-book
31. Malware-IOC
• Here are indicators of compromise (IOCs) from our various investigations. We are doing this to help the broader security community fight malware wherever it might be.
• .yar files are YARA rules
• .rules files are Snort rules
• samples.md5, samples.sha1 and samples.sha256 files are newline-separated lists of hexadecimal digests of malware samples
• If you would like to contribute improved versions, please send us a pull request.
• If you've found false positives, give us the details in an issue report and we'll try to improve our IOCs.
• These are licensed under the permissive BSD two-clause license. You are allowed to modify these and keep the changes to yourself, even though it would be rude to do so.
• https://github.com/eset/malware-ioc
32. Cobalt Strike Scan
• Scan files or process memory for Cobalt Strike beacons and parse their configuration.
• CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and/or performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4 beacon signatures.
• Alternatively, CobaltStrikeScan can perform the same YARA scan on a file supplied by absolute or relative path as a command-line argument.
• If a Cobalt Strike beacon is detected in the file or process, the beacon's configuration will be parsed and displayed to the console.
• https://github.com/Apr4h/CobaltStrikeScan
33. Hardentools
• Hardentools is designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now) and some widely used applications (Microsoft Office and Adobe PDF Reader, for now). These features, commonly intended for enterprise customers, are generally useless to regular users and rather pose dangers, as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is simply to reduce the attack surface by disabling the low-hanging fruit. Hardentools is intended for individuals at risk, who might want an extra level of security at the price of some usability. It is not intended for corporate environments.
• https://github.com/securitywithoutborders/hardentools
34. Windows Secure Host Baseline
• The Windows Secure Host Baseline (SHB) provides an automated and flexible approach for assisting the DoD in deploying the latest releases of Windows 10 using a framework that can be consumed by organizations of all sizes.
• The DoD CIO issued a memo on November 20, 2015 directing Combatant Commands, Services, Agencies and Field Activities (CC/S/As) to rapidly deploy the Windows 10 operating system throughout their respective organizations with the objective of completing deployment by the end of January 2017. The Deputy Secretary of Defense issued a memo on February 26, 2016 directing the DoD to complete a rapid deployment and transition to Microsoft Windows 10 Secure Host Baseline by the end of January 2017.
• https://github.com/nsacyber/Windows-Secure-Host-Baseline
35. Any Run
• It is not enough to run a suspicious file on a testing system to be sure of its safety. For some types of malware or vulnerabilities (e.g., APT), direct human interaction during analysis is required. A set of online malware analysis tools allows you to watch the research process and make adjustments when needed, just as you would do on a real system, rather than relying on a wholly automated sandbox.
• https://any.run/
36. Hybrid Analysis
• This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
• https://www.hybrid-analysis.com/
37. PSHunt
• PSHunt is a PowerShell Threat Hunting Module designed to scan remote endpoints* for indicators of compromise or survey them for more comprehensive information related to the state of those systems (active processes, autostarts, configurations, and/or logs).
• PSHunt began as the precursor to Infocyte's commercial product, Infocyte HUNT, and is now being open sourced for the benefit of the DFIR community.
• https://github.com/Infocyte/PSHunt
38. GoPhish
• Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
• https://getgophish.com/
39. SolarWinds
• The log manager gathers log messages from all over your system, consolidating the different formats they are written in so they can be stored and searched together. The dashboard shows all events live on the screen, and there is also an analytical tool that helps you search through stored log files for pertinent security information. The log manager also protects logfiles from tampering with a file integrity monitor.
• The Security Event Manager isn't just a SIEM. It includes a threat intelligence feed, which pools threat detection experiences from all of the clients of the SolarWinds system. The security system uses the guidance from the feed when searching through log messages for indicators of attack.
• https://www.solarwinds.com/security-event-manager
40. SentinelOne
• Today we are pleased to announce the revolutionary technology of ActiveEDR. ActiveEDR solves the problems of EDR as you know it by tracking and contextualizing everything on a device. ActiveEDR is able to identify malicious acts in real time, automating the required responses and allowing easy threat hunting by searching on a single IOC. Read more to understand how we got here and how we created the first and only EDR that is truly active.
• https://www.sentinelone.com/blog/active-edr-feature-spotlight/
41. Qualys
• Cyber risk is business risk, with risks growing faster than traditional VM and SIEM tools can manage. Security and IT teams need a new approach to tackle cyber threats, with a clear understanding of cybersecurity risk and automated workflows for rapid response.
• https://www.qualys.com/apps/vulnerability-management-detection-response/
42. EzTools
• These open source digital forensics tools can be used in a wide variety of investigations, including cross-validation of tools, providing insight into technical details not exposed by other tools, and more. Over the years, Eric has written and continually improved over a dozen digital forensics tools that investigators all over the world use and rely upon daily.
• https://www.sans.org/tools/ez-tools/
43. Remnux
• REMnux® is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locate or set up.
• The heart of the project is the REMnux Linux distribution based on Ubuntu. This lightweight distro incorporates many tools for analyzing Windows and Linux malware, examining browser-based threats such as obfuscated JavaScript, exploring suspicious document files and taking apart other malicious artifacts. Investigators can also use the distro to intercept suspicious network traffic in an isolated lab when performing behavioral malware analysis.
• https://sansgear.com/remnux/
44. SIFT Workstation
• Why SIFT? The SIFT Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
• https://sansgear.com/sift-workstation/
45. SOF-ELK
• SOF-ELK® is a "big data analytics" platform focused on the typical needs of computer forensic investigators/analysts and information security operations personnel. The platform is a customized build of the open source Elastic stack, consisting of the Elasticsearch storage and search engine, Logstash ingest and enrichment system, Kibana dashboard frontend, and Elastic Beats log shipper (specifically filebeat). With a significant amount of customization and ongoing development, SOF-ELK® users can avoid the typically long and involved setup process the Elastic stack requires. Instead, they can simply download the pre-built and ready-to-use SOF-ELK® virtual appliance that consumes various source data types (numerous log types as well as NetFlow), parsing out the most critical data and visualizing it on several stock dashboards. Advanced users can build visualizations that suit their own investigative or operational requirements, optionally contributing those back to the primary code repository.
• https://sansgear.com/sof-elk/
46. MXToolbox
• This test will list MX records for a domain in priority order. The MX lookup is done directly against the domain's authoritative name server, so changes to MX records should show up instantly. You can click Diagnostics, which will connect to the mail server, verify reverse DNS records, perform a simple Open Relay check and measure response time performance. You may also check each MX record (IP address) against 105 DNS-based blacklists (commonly called RBLs or DNSBLs).
• https://mxtoolbox.com/
47. DevSec.io
• Server hardening framework providing Ansible, Chef, and Puppet implementations of various baseline security configurations.
• https://dev-sec.io/
48. Clevis
• Pluggable framework for automated decryption, often used as a Tang client.
• https://github.com/latchset/clevis
49. Cortex
• Provides horizontally scalable, highly available, multi-tenant, long-term storage for Prometheus.
• https://cortexmetrics.io/
50. Jaeger
• Distributed tracing platform backend used for monitoring and troubleshooting microservices-based distributed systems.
• https://www.jaegertracing.io/
51. KubeSec
• Static analyzer of Kubernetes manifests that can be run locally, as a Kubernetes admission controller, or as its own cloud service.
• https://kubesec.io/
52. Linkerd
• Ultra-light Kubernetes-specific service mesh that adds observability, reliability, and security to Kubernetes applications without requiring any modification of the application itself.
• https://linkerd.io/
53. Globaleaks
• Free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.
• https://www.globaleaks.org/
54. Teleport
• Allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments.
• https://goteleport.com/
55. DynInst
• Tools for binary instrumentation, analysis, and modification, useful
for binary patching.
• https://dyninst.org/dyninst
56. DynamoRIO
• Runtime code manipulation system that supports code
transformations on any part of a program, while it executes,
implemented as a process-level virtual machine.
• https://dynamorio.org/
57. Egalito
• Binary recompiler and instrumentation framework that can fully
disassemble, transform, and regenerate ordinary Linux binaries;
designed for binary hardening and security research.
• https://egalito.org/
59. Manuka
• Open-source intelligence (OSINT) honeypot that monitors
reconnaissance attempts by threat actors and generates actionable
intelligence for Blue Teamers.
• https://github.com/spaceraccoon/manuka
60. Threat Note
• Web application built by Defense Point Security that lets security
researchers add and retrieve indicators related to their research.
• https://github.com/DefensePointSecurity/threat_note
61. AutoMacTC
• Modular, automated forensic triage collection framework designed
to access various forensic artifacts on macOS, parse them, and
present them in formats viable for analysis.
• https://github.com/CrowdStrike/automactc
62. Margarita Shotgun
• Command line utility (that works with or without Amazon EC2
instances) to parallelize remote memory acquisition.
• https://github.com/ThreatResponse/margaritashotgun
63. Mailspoof
• Scans SPF and DMARC records for issues that could allow email
spoofing.
• https://github.com/serain/mailspoof
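What an SPF/DMARC checker like Mailspoof looks for, as an added example that is not Mailspoof's own code: the records are passed in as strings (constructed samples below) so the checks run offline, whereas a real run fetches the domain's TXT record for SPF and the TXT record at `_dmarc.<domain>` for DMARC. The rule names and the "too broad" CIDR threshold are this example's own assumptions; the 10-lookup limit is from RFC 7208.

```python
"""SPF and DMARC weakness checks in the spirit of mailspoof.
Added example, not mailspoof's own code; rule names and samples are the example's."""
import re

# Mechanisms and modifiers that cost a DNS lookup; RFC 7208 allows at most 10.
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(?=[:/]|$)|^redirect=", re.I)
_IP_TERM = re.compile(r"^\+?ip[46]:([^/\s]+)/(\d+)$", re.I)


def check_spf(record):
    """Return the weaknesses in an SPF TXT record (None means no record published)."""
    if record is None:
        return ["spf-missing"]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["spf-invalid-version"]
    terms = terms[1:]
    issues = []
    # "all" decides what happens to senders no earlier mechanism matched.
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        issues.append("spf-no-all")            # unmatched senders get neutral, not fail
    else:
        first = all_terms[-1][0]
        qual = first if first in "+-~?" else "+"   # a bare "all" means "+all"
        if qual == "+":
            issues.append("spf-pass-all")      # any host may send as the domain
        elif qual == "?":
            issues.append("spf-neutral-all")
        elif qual == "~":
            issues.append("spf-softfail-all")  # receivers mark rather than reject
    for t in terms:
        m = _IP_TERM.match(t)
        if m and int(m.group(2)) <= 8:         # example's own threshold for "too broad"
            issues.append(f"spf-broad-range:{m.group(1)}/{m.group(2)}")
    if sum(1 for t in terms if _LOOKUP_TERM.match(t)) > 10:
        issues.append("spf-too-many-lookups")  # receivers return permerror for the record
    return issues


def check_dmarc(record):
    """Return the weaknesses in a DMARC TXT record (None means no record published)."""
    if record is None:
        return ["dmarc-missing"]
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["dmarc-invalid-version"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy != "reject":                     # none only monitors; quarantine still delivers
        issues.append(f"dmarc-policy-{policy or 'missing'}")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:       # policy applied to only a share of the mail
        issues.append(f"dmarc-pct-{pct}")
    sub = tags.get("sp", "").lower()
    if sub and sub != "reject":                # explicit weaker policy for subdomains
        issues.append(f"dmarc-subdomain-policy-{sub}")
    if "rua" not in tags:                      # no aggregate reports, so abuse goes unseen
        issues.append("dmarc-no-aggregate-reports")
    return issues


def audit(spf_record, dmarc_record):
    return {"spf": check_spf(spf_record), "dmarc": check_dmarc(dmarc_record)}


# Constructed records for three fictional domains.
SAMPLES = {
    "good.example":   ("v=spf1 include:_spf.example.net -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@good.example"),
    "sloppy.example": ("v=spf1 ip4:203.0.113.0/24 +all",
                       "v=DMARC1; p=none; rua=mailto:dmarc@sloppy.example"),
    "bare.example":   ("v=spf1 mx ip4:10.0.0.0/8", None),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, audit(spf, dmarc))
```

The checks are deliberately conservative: `~all` and `p=quarantine` are reported even though many organizations run them on purpose during rollout, because from a spoofing standpoint both still let forged mail reach an inbox.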
64. Phishing Catcher
• Configurable script that watches the Certificate Transparency logs, via
the CertStream service, for newly issued TLS certificates whose domain
names look suspicious.
• https://github.com/x0rz/phishing_catcher
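The scoring idea behind Phishing Catcher, as an added example that is not the project's own code: each certificate name coming off the log stream is scored on suspicious TLDs, lure keywords, one-character brand lookalikes (edit distance), hyphen count and subdomain depth, and names above a threshold are surfaced. The keyword weights, TLD list, rule weights and the constructed "feed" of names below are this example's own assumptions (Phishing Catcher ships its own configurable lists), so it runs without a CertStream connection.

```python
"""Scores certificate names for phishing likelihood, in the spirit of Phishing Catcher.
Added example, not phishing_catcher's own code; weights and lists are the example's."""
import re

KEYWORDS = {   # example's own weights: brand names high, generic lures lower
    "paypal": 70, "appleid": 70, "microsoft": 60,
    "login": 25, "secure": 20, "account": 20, "verify": 20, "update": 15,
}
SUSPICIOUS_TLDS = {"ga", "gq", "ml", "cf", "tk", "xyz", "top"}  # example's own list


def levenshtein(a, b):
    """Edit distance, used to catch one-character brand lookalikes (paypa1, micros0ft)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_domain(domain):
    """Return (score, reasons) for one certificate subject name."""
    d = domain.lower().rstrip(".")
    if d.startswith("*."):          # wildcard certificates appear as *.example.com
        d = d[2:]
    if d.startswith("www."):
        d = d[4:]
    labels = d.split(".")
    score, reasons = 0, []
    if labels[-1] in SUSPICIOUS_TLDS:
        score += 20
        reasons.append(f"tld:{labels[-1]}")
    for word in re.split(r"[.\-]", d):
        if word in KEYWORDS:
            score += KEYWORDS[word]
            reasons.append(f"keyword:{word}")
            continue
        if len(word) < 5:           # short words give too many false lookalikes
            continue
        for brand, weight in KEYWORDS.items():
            if weight >= 60 and levenshtein(word, brand) == 1:
                score += 40
                reasons.append(f"lookalike:{word}~{brand}")
    hyphens = d.count("-")
    if hyphens >= 3:                # long hyphenated names are typical of lure domains
        score += 3 * hyphens
        reasons.append(f"hyphens:{hyphens}")
    if len(labels) >= 4:            # deep subdomains push the brand into the visible part
        score += 3 * (len(labels) - 3)
        reasons.append(f"depth:{len(labels)}")
    return score, reasons


def triage(names, threshold=75):
    """Names scoring at or above the threshold, highest first."""
    scored = [(n, *score_domain(n)) for n in names]
    hits = [t for t in scored if t[1] >= threshold]
    return sorted(hits, key=lambda t: t[1], reverse=True)


# Constructed feed of certificate names (what CertStream would stream).
CT_FEED = [
    "www.example.com",
    "paypal-login-secure-account.tk",
    "mail.bigcorp.example",
    "paypa1.secure-login.xyz",
    "*.cdn.example.net",
]

if __name__ == "__main__":
    for name, score, reasons in triage(CT_FEED):
        print(f"{score:4d} {name}  {', '.join(reasons)}")
```

In production the list of brands would be your own and your customers' names, and the lookalike check is where most of the tuning effort goes: a distance of 1 against short brand names produces noise, which is why words under five characters are skipped here.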
65. SentinelOne
• SentinelOne's ActiveEDR tracks and contextualizes activity on a device,
identifies malicious behaviour in real time, automates the required
responses and supports threat hunting by searching on a single IOC.
• https://www.sentinelone.com/blog/active-edr-feature-spotlight/
66. BadBlood
• Fills a test (non-production) Windows domain with data so that security
analysts and engineers can practice using tools to understand and secure
Active Directory.
• https://www.secframe.com/badblood/
67. Drool
• Replays DNS traffic from packet capture files to a specified server, for
example to simulate DDoS attacks against DNS infrastructure or to measure
normal DNS query load.
• https://www.dns-oarc.net/tools/drool
68. Dumpster Fire
• Modular, menu-driven, cross-platform tool for building repeatable,
time-delayed, distributed security events for Blue Team drills and
sensor/alert mapping.
• https://github.com/TryCatchHCF/DumpsterFire
69. GRR Rapid Response
• Incident response framework focused on remote live forensics
consisting of a Python agent installed on assets and Python-based
server infrastructure enabling analysts to quickly triage attacks and
perform analysis remotely.
• https://github.com/google/grr
70. MozDef
• Automates the security incident handling process and facilitates the
real-time activities of incident handlers.
• https://github.com/mozilla/MozDef
71. Rastrea2r
• Multi-platform tool for triaging suspected IOCs on many endpoints
simultaneously; integrates with antivirus consoles.
• https://github.com/rastrea2r/rastrea2r
72. AttackerKB
• Free and public crowdsourced vulnerability assessment platform to
help prioritize high-risk patch application and combat vulnerability
fatigue.
• https://attackerkb.com/
73. DATA
• Credential phish analysis and automation tool that can accept
suspected phishing URLs directly or trigger on observed network
traffic containing such a URL.
• https://github.com/hadojae/DATA
74. Forager
• Multi-threaded threat intelligence gathering built with Python3
featuring simple text-based configuration and data storage for ease
of use and data portability.
• https://github.com/opensourcesec/Forager
75. Unfetter
• Identifies defensive gaps in security posture by leveraging MITRE's
ATT&CK framework.
• https://nsacyber.github.io/unfetter/
76. Onion Balance
• Provides load-balancing while also making Onion services more
resilient and reliable by eliminating single points-of-failure.
• https://onionbalance.readthedocs.io/en/latest/
77. Nebula
• Completely open source and self-hosted, scalable overlay
networking tool with a focus on performance, simplicity, and security,
inspired by tinc.
• https://github.com/slackhq/nebula
79. Cobalt Strike Scan
• Scan files or process memory for Cobalt Strike beacons and parse
their configuration.
• https://github.com/Apr4h/CobaltStrikeScan
80. Sigcheck
• Sysinternals utility that shows file version, timestamp and digital
signature details; with -tv it dumps a Windows host's root certificate
store and flags certificates not rooted in Microsoft's Certificate Trust
List (CTL).
• https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
81. Domain Hunter
• Checks expired domains for categorization/reputation and Archive.org
history to determine good candidates for phishing and C2 domain names.
• https://github.com/threatexpress/domainhunter
82. Elastic for Red Team
• Repository of resources for configuring a Red Team SIEM using
Elastic.
• https://github.com/SecurityRiskAdvisors/RedTeamSIEM
83. SharpEDRChecker
• Checks running processes and their metadata, DLLs loaded into the
current process and each DLL's metadata, common install directories,
installed services and each service binary's metadata, and installed
drivers and each driver's metadata, all for the presence of known
defensive products such as AVs, EDRs and logging tools.
• https://github.com/PwnDexter/SharpEDRChecker
84. SeatBelt
• Seatbelt is a C# project that performs a number of security oriented
host-survey "safety checks" relevant from both offensive and
defensive security perspectives.
• https://github.com/GhostPack/Seatbelt
86. Rubeus
• Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is
heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-
SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin
project (GPL v3.0 license).
• https://github.com/GhostPack/Rubeus
87. Mimikatz
• Mimikatz is an open-source tool that extracts and saves authentication
material such as plaintext passwords, hashes and Kerberos tickets from
Windows memory.
• https://github.com/gentilkiwi/mimikatz
88. CredBandit
• CredBandit is a proof of concept Beacon Object File (BOF) that uses
static x64 syscalls to perform a complete in memory dump of a
process and send that back through your already existing Beacon
communication channel.
• https://github.com/xforcered/CredBandit
89. SharpChromium
• .NET 4.0 CLR Project to retrieve Chromium data, such as cookies,
history and saved logins.
• https://github.com/djhohnstein/SharpChromium
90. Watson
• Watson is a .NET tool designed to enumerate missing KBs and
suggest exploits for Privilege Escalation vulnerabilities.
• https://github.com/rasta-mouse/Watson
91. DNS Exfiltration
• Data exfiltration over a DNS request covert channel.
• https://www.sentinelone.com/blog/active-edr-feature-spotlight/
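How a DNS request covert channel carries data, and how such queries look from the defender's side, as an added example that is not the code of any particular exfiltration tool. It only builds and parses query names and never sends them; the zone `exfil.example`, the payload, the benign query names and the detection thresholds are this example's own constructions. The encoder respects the RFC 1035 label and name limits, the decoder reassembles chunks in any arrival order, and the detector flags names whose lower labels are long and high-entropy, which is what encoded data looks like in resolver logs.

```python
"""DNS request covert channel: chunking, reassembly and a log-side detector.
Added example, not the code of any specific tool; zone, payload and thresholds are the example's."""
import base64
import math
from collections import Counter

MAX_LABEL = 63   # RFC 1035: a label is at most 63 octets
MAX_NAME = 253   # longest name that fits the 255-octet wire limit


def encode_chunks(data, zone, label_len=60):
    """Split data into query names of the form <seq>.<label>.<label>...<zone>.
    Base32 is used because DNS names are case-insensitive, so base64's
    upper/lower distinction would not survive every resolver."""
    if not 1 <= label_len <= MAX_LABEL:
        raise ValueError("label_len must be 1..63")
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    # 4-hex-digit sequence label plus dot, then as many data labels as fit before the zone
    labels_per_name = max(1, (MAX_NAME - len(zone) - 1 - 5) // (label_len + 1))
    per_name = labels_per_name * label_len
    names = []
    for seq, start in enumerate(range(0, len(b32), per_name)):
        chunk = b32[start:start + per_name]
        labels = [chunk[i:i + label_len] for i in range(0, len(chunk), label_len)]
        names.append(".".join([f"{seq:04x}", *labels, zone]))
    return names


def decode_chunks(names, zone):
    """Reassemble the payload from the query names, in any arrival order."""
    suffix = "." + zone
    pieces = {}
    for name in names:
        if not name.endswith(suffix):
            raise ValueError("query outside the channel zone: " + name)
        seq, *labels = name[:-len(suffix)].split(".")
        pieces[int(seq, 16)] = "".join(labels)
    b32 = "".join(pieces[i] for i in sorted(pieces)).upper()
    b32 += "=" * (-len(b32) % 8)                  # restore the padding stripped on send
    return base64.b32decode(b32)


def _entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def find_suspicious(names, min_payload=50, min_entropy=3.0):
    """Flag names whose labels below the registered domain are long and
    high-entropy. Treating the last two labels as the registered domain is
    this example's simplification (use a public-suffix list in practice);
    the thresholds are the example's own."""
    hits = []
    for name in names:
        payload = "".join(name.rstrip(".").split(".")[:-2])
        if len(payload) >= min_payload and _entropy(payload) >= min_entropy:
            hits.append(name)
    return hits


# Constructed payload and constructed benign query names.
SECRET = b"user=alice;pass=hunter2;card=4111111111111111;" * 4
BENIGN = ["www.example.com", "mail.example.com",
          "cdn-123456.static.images.example.net", "_dmarc.example.org"]

if __name__ == "__main__":
    queries = encode_chunks(SECRET, "exfil.example")
    for q in queries:
        print(len(q), q)
    assert decode_chunks(reversed(queries), "exfil.example") == SECRET
    print("flagged:", find_suspicious(BENIGN + queries))
```

Real tools vary the details (encryption of the payload, spreading chunks over time and over many resolvers, TXT responses for the downstream direction), but the shape in the logs stays the same: an unusual volume of long, high-entropy subdomains under one zone, which is the signal to alert on.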
92. Prelude Operator
• Developer-first security platform for defending an organization by
mimicking real adversarial attacks.
• https://www.prelude.org/
93. Stratus Red Team
• Stratus Red Team is "Atomic Red Team™" for the cloud: it emulates
offensive attack techniques against cloud environments in a granular and
self-contained manner.
• https://github.com/DataDog/stratus-red-team