The document discusses Capture the Flag (CTF) challenges and cybersecurity events. It provides an introduction to Teammatrix and SCIT, an overview of CTF basics like solving puzzles to find flags. It describes different types of CTF events like red team vs blue team exercises, jeopardy-style, and flavors like steganography, cryptography, and web challenges. The importance of red team vs blue team exercises to test security preparedness is highlighted. Wargames organized by Teammatrix are mentioned as hackathons to spread security awareness.
That was a training for SCIT Symbiosis students at India before their CTF.
Training link: https://www.youtube.com/watch?v=OYYuagj9ZvA
Training Agenda:
Introduction to cybersecurity
Famous data breaches
How to start in cybersecurity
What is a CTF
CTF types
CTF resources
How to gain money out of hacking
CTF demo “Let’s Play CTF together”
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team - MITRE ATT&CK
From ATT&CKcon 3.0
By Brian Donohue, Red Canary
This presentation will highlight the Atomic Red Team project's efforts to define and increase the test coverage of MITRE ATT&CK techniques. We'll describe the challenges we encountered in defining what "coverage" means in the context of an ATT&CK-based framework, and how to use that definition to improve an open source project that's used by a diverse audience of practitioners to satisfy an equally diverse array of needs. The audience will learn how the Atomic Red Team maintainers standardize and categorize atomic tests, perform gap analysis to achieve deep technique-level coverage and broad matrix-level coverage, and quickly fill those gaps with new tests.
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ... - Jorge Orchilles
Join Jorge Orchilles and Phil Wainwright as they cover how to show value during Red and Purple Team exercises with a free platform, VECTR. VECTR is included in SANS Slingshot C2 Matrix Edition so you can follow along the presentation and live demos.
VECTR is a free platform for planning and tracking your red and purple team exercises and aligning them to blue team detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activity across the kill chain or ATT&CK tactics, from initial access to privilege escalation and lateral movement and so on, or can be narrow in scope to focus on specific defensive controls, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve detection, prevention & response capabilities across cloud and on-premise environments.
Common use cases for VECTR are measuring your defenses over time against the MITRE ATT&CK framework, creating custom red team scenarios and adversary emulation plans, and assisting with toolset evaluations. VECTR is meant to be used over time with targeted campaigns, iteration, and measurable enhancements to both red team skills and blue team detection capabilities. Ultimately the goal of VECTR is to help organizations level up and promote a platform that encourages community sharing of CTI that is useful for red teamers, blue teamers, threat intel teams, security engineering, any number of other cyber roles, and helps management show increasing maturity in their programs and justification of what's working, what's not, and where additional investment might be needed in tools and team members to bring it all together.
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
CNIT 123: Ch 3: Network and Computer Attacks - Sam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_S18.shtml
Presentation slides presented by Cody Thomas and Christopher Korban at x33fcon 2018 about how to jumpstart your purple teaming with the MITRE ATT&CK framework, and accompanying Adversary Emulation Plans
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
This is about what is threat hunting and how to perform it in cyberworld. Our traditional detection systems are being bypassed and we need modern approach to detect & respond to modern day threats.
Entire demo of the same is available on youtube - https://www.youtube.com/playlist?list=PL2iM-fIRjbTCQVI4tR7U2I5IdwLb2QSi_
A capture the flag (CTF) contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems. Typically, these competitions are team-based and attract a diverse range of participants, including students, enthusiasts and professionals. A CTF competition may take a few short hours, an entire day or even multiple days.
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch... - Chris Gates
Brucon 2016
The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable processes. It is extremely rare that a vulnerability causes a direct risk to an environment; it is usually what the attacker DOES with the access gained that matters. In this talk we will discuss the way that internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the defensive teams to measure the environment's resistance to the attacks. We will demonstrate attacks, capabilities, TTP tracking, trending, positive metrics, hunt integration and most of all we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team, sparring and training every day to be ready for the fight when it comes to us.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe... - MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypotheses, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, only a few focus primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for great tech dive
Everyone is talking about or asking for red teaming. Most of them are getting it wrong. I talk about the history and definitions of red teaming, what you should be doing before you bother with red teaming and critical issues to watch out for when you do leverage it.
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Adversary Emulation is a type of Red Team Exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective (similar to those of realistic threats or adversaries). Adversary emulations are performed using a structured approach, which can be based on a kill chain or attack flow. Methodologies and Frameworks for Adversary Emulations are covered. Adversary Emulations are end-to-end attacks against a target organization to obtain a holistic view of the organization’s preparedness for a real, sophisticated attack.
A Beginner’s Guide to Capture the flag (CTF) Hacking - infosec train
As cyber-attacks and data breach incidents have increased in recent years, Cybersecurity is one of the organizations’ top priorities. This has resulted in high demand for skilled cybersecurity professionals in the market.
https://www.infosectrain.com/courses/ctf-training/
Cyber-Espionage: Understanding the Advanced Threat Landscape - Aaron White
Cutting through the APT hype to help businesses prevent, detect and mitigate advanced threats.
Sophisticated cyber-espionage operations aimed at pilfering trade secrets and other sensitive data from corporate networks currently present the biggest threat to businesses. Advanced threat actors ranging from nation-state adversaries to organized cyber-crime gangs are using zero-day exploits, customized malware toolkits and clever social engineering tricks to break into corporate networks, avoid detection, and steal valuable information over an extended period of time.
In this presentation, we will cut through some of the hype surrounding Advanced Persistent Threats (APTs), explain the intricacies of these attacks and present recommendations to help you improve your security posture through prevention, detection and mitigation.
Introduction to Cybersecurity | IIT(BHU) CyberSec - YashSomalkar
This is going to be a series of events around cybersecurity. If you are lucky enough, try to witness it live on our GDSC chapter.
Link of today's event: https://gdsc.community.dev/events/details/developer-student-clubs-indian-institute-of-technology-varanasi-presents-introduction-to-cybersecurity-learn-to-hack-series/
Socials :
Website: https://copsiitbhu.co.in
LinkedIn : https://linkedin.com/company/cops-iitbhu
Instagram : https://instagram/cops.iitbhu/
Facebook : https://facebook.com/cops.iitbhu/
GitHub : https://github.com/COPS-IITBHU
Learn to identify, manage, and block threats faster with intelligence.
The ThreatConnect Platform was specifically designed to help you understand adversaries, automate workflows, and mitigate threats faster using threat intelligence. But we know security operations and threat intelligence are not one size fits all. That’s why we have options.
You'll See:
The products: Whether your security team is large or small, advanced or just getting started with threat intelligence, there is a ThreatConnect product that fits your specific needs.
Innovative features in the platform:
Collective Analytics Layer, which offers immediate insight into how widespread and relevant a threat is.
Playbooks: automate nearly any security operation or task - sending alerts, enriching data, or assigning tasks to a teammate; all done with an easy drag-and-drop interface - no coding needed.
How ThreatConnect will adapt with your organization as it grows and changes.
Advanced persistent threat (APT) & data centric audit and protection (DACP) - CloudMask inc.
It is undeniable that the high-value target sectors, such as Defense and the Security sector, face targeted and focused threats that no other sector faces. These sectors affect the livelihood of millions, and any breach can have a major impact on National Security. In this high-level discussion, we focus on ‘Advanced Persistent Threat’ (APT). APT is one of the most sophisticated threats to high-value defense and security systems. Our discussion of APT will be based on Lockheed Martin and its Cyber Kill Chain.
Cyber innovation without a new product to buy - Michael Boeckx - cybersec europ... - NRBsanv
In a changing world of threats and threat actors we find ourselves bombarded with new technology hypes and toolsets.
Security tooling is like emotional eating: you feel good for a while, but in the end you are not in a better position.
This presentation addresses common questions such as how to differentiate between hype and reality, how to keep up with a limited budget, what your security maturity level is, and how to fit this into a regulatory and compliance context.
In the boardroom these questions pop up on a regular basis. Let's bring you through the journey of how to answer them and make it work, presenting a customer success story.
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk) - Mark Simos
Overview of key best practices, antipatterns, and more for security operations (SecOps/SOC)
These slides were used during Mark Simos' Tampa BSides talk on "The no BS SOC" on April 6, 2024
The changing threat landscape reality and the frequency, sophistication and targeted nature of adversaries requires an evolution of security operational practices to a combination of prevention, detection and response of cyber attacks.
Why should you consider playing CTF.pdf - infosec train
Learning new skills is one of the most essential things to get ahead in your career. Especially if you are working in a field such as Cybersecurity, where new challenges keep arising on a regular basis.
https://www.infosectrain.com/courses/ctf-training/
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015 - Andreas Sfakianakis
This is a presentation on Cyber Threat Intelligence state of the art and trends dating back to 2015! The conference was Secure South West 5 (SSW5) in Plymouth on 2nd April 2015. The content is a) introduction to CTI, b) Cyber Threat Management, and c) Threat Intelligence Platforms and other CTI toolset. Good old days :)
What are the top 15 IT security threats, and how can you make sure your company avoids them? With the help of security expert Chris Nelson, we compiled a categorized list of the top 15 security threats that IT departments face and how to confront them head-on.
EC-Council, a globally recognized cybersecurity credentialing body, offers the Certified Ethical Hacker (CEH) and Certified Penetration Testing Professional (CPENT) certifications to help you acquire the skills you need to be a part of Red and Blue Teams. CEH is the most desired cybersecurity training program, upping your ethical hacking skills to the next level. CPENT takes off from where CEH leaves off, giving you a real-world, hands-on penetration testing experience.
Threat intelligence (TI) is at the maturity level to become a decision-making tool. TI refers to evidence-based information including context such as mechanisms, Indicators of Compromise (IOC), Indicators of Attribution (IOA), implications and actionable advice about existing or emerging hazards to assets. TI allows technical staff and professionals to make better decisions and take action accordingly.
This presentation was showcased live during the DNIF KONNECT meetup on 19th December 2019. Our presenter, Ruchir Shah, Account Manager at DNIF, walks us through the importance of SOAR.
Some key points discussed during the meetup:
-Understand, what is SOAR.
-The problems a SOAR solution solves.
-Real-time demo by DNIF expert on SOAR.
Watch the full presentation here: https://www.youtube.com/watch?v=bCp-WAs6w5I
This presentation was showcased live during the DNIF Konnect meetup on 5th September 2019. Our guest presenter, Mr. Mikhail Moskvin, Cyber Security Expert from Kaspersky, walks us through some key points related to the benefits and practical applications of threat intelligence.
Some key points discussed during the meetup:
- Introduction to threat intelligence.
- Strategies to implement threat intelligence with SIEM.
- Practical use cases on using KASPERSKY Threat Intelligence Portal with DNIF.
- How SOC teams can leverage threat intelligence and validation.
Watch the full presentation here: https://youtu.be/C89lTX13Vcw?t=1284
In this presentation, we talk about actual use cases that can be created in DNIF to leverage the additional information provided by vFeed based on attack CVEs and related CAPEC information.
This presentation was demonstrated live during the DNIF Konnect session held on 4th July 2019 - You can watch the complete session here: https://youtu.be/owp1q-XoBoc?t=1170
In this presentation, we talk about:
- Introduction to Containers
- Container Security Overview
You can watch the complete session here:
https://youtu.be/w2-NtdAkrOI?t=1901
Importance of having a vulnerability management | Vfeed DNIF
In this presentation, the presenters NJ Ouchn and Rachid Harrando from vFeed talk about:
- Introduction to vFeed
- Common Vulnerability Structure
- Vulnerability Correlation Engine
This presentation was demonstrated live during the DNIF Konnect session held on 4th July 2019 - You can watch the complete session here: https://youtu.be/owp1q-XoBoc?t=412
Anatomy of Persistence Techniques & Strategies to Detect - DNIF
In this presentation, we talk about:
- Attack Kill Chain
- About Persistence
- Persistence Techniques
- Persistence Leveraging MSSQL
- Approach to Detect Persistence
You can watch the complete session here: https://youtu.be/HfpjLR6ZwIU?t=1322
User Behavior Analytics Using Machine Learning - DNIF
In this presentation we talk about:
- Introduction to user behavior analytics.
- Classifying malicious IP using machine learning.
- User behavior analytics using machine learning.
You can watch the complete demonstration video here: https://youtu.be/HfpjLR6ZwIU?t=3550
In this session, we talk about:
- Introduction to process whitelisting
- Advantages
- Leverage VirusTotal Threat Intelligence
You can watch the complete demonstration video here: https://youtu.be/HfpjLR6ZwIU?t=342
VirusTotal Threat Intelligence and DNIF Use Cases - DNIF
DNIF is a next gen SIEM platform with advanced security and automation capabilities that lets machines do what they do best and allows security analysts to do activities that can actually change the game.
In this presentation, we talk about how DNIF users can build a use case on "Detecting Malicious URLs" with the help of VirusTotal Threat Intelligence.
Threat hunting and achieving security maturity - DNIF
In this virtual meetup of DNIF KONNECT (04.04.2019), where the growing DNIF community connects, interacts, shares and helps each other to grow and learn about the latest in threat hunting and many more, this time we have Mr. Ankit Panchal from NSDL who shall demonstrate an end-to-end demo of how you can achieve security maturity.
Learn more about DNIF KONNECT here - https://dnif.it/dnif-konnect.html
Kaspersky Threat Intelligence Portal and DNIF Use Cases | DNIF
DNIF is a next-gen SIEM platform with advanced security and automation capabilities that lets machines do what they do best and allows security analysts to do activities that can actually change the game.
In this presentation, we talk about how DNIF users can build a use case on "Detecting Malicious IP Addresses" with the help of Kaspersky Threat Intelligence Portal.
Agenda:
1. Cyber Security - How it works, today!
2. Data Analytics, the What and the Why
3. The technical aspects
4. The pipeline
5. Opportunities - Gaps we're aiming for
6. Demo
Part 3, the final part of the series "Mastering Next Gen SIEM Use Cases".
The following presentation talks about building use cases to detect anomalies pertaining to applications and application servers.
Importance of correlating events pertaining to applications and application servers.
Discover sample use cases for detecting anomalies in the SWIFT application.
Part 2 of the 3-part series "Mastering Next Gen SIEM Use Cases".
The following presentation talks about building use cases to detect anomalies pertaining to endpoints.
Discover use cases for Credential Theft and Endpoint compromise.
Part 1 of the 3-part series "Mastering Next-Gen SIEM Use Cases".
The following presentation talks about the mindset which next-gen threat hunters need to have in order to detect and respond to next-gen threats.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with a passion for technology and making things work, along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations on CI/CD and application security integrated into the software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic* | Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdf | Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA Connect | Kari Kakkonen
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
2. Agenda
Introduction to Teammatrix and SCIT
CTF Basics
How to get started
Different Flavours Different Challenges
Red Team vs Blue Team exercise
Importance of RT vs BT exercise
Wargames
Conclusion
3. ABOUT SCIT and TEAMMATRIX
• SCIT is a premier IT B-School located in Pune. There has been a huge demand for IT professionals at top-management level, which is being catered to by SCIT. It has been a leader for more than a decade in nurturing young talent in IT Business Management and has helped them transform into future business leaders.
• TeamMatrix is a student-driven, non-profit group founded by the students of SCIT. It was established in 2009 to spread awareness about information security. Security has emerged as the most important aspect of any organisation, and this team focuses on keeping up to date with the developments and trends in this domain. With the motto 'Share, Learn, Implement and Refine', we aim to collaborate with like-minded people.
4. CTF: BASICS
• CTF (Capture the Flag) is a cybersecurity event focused on testing the skillset of an individual.
• The first of its kind was played during DEF CON 4 in 1996, held in the U.S.A.
• It is based on the simple concept of finding the hint (also known as the flag) to crack the puzzle. The hint can be anything: cryptic words, text, numbers.
• It checks the person's ability to think on their feet, learn on the fly and use tools and technologies they have never used before.
• A great hobby to nurture for problem-solvers and security enthusiasts.
5. CTF: GETTING STARTED
• Security is a vast field, and CTFs can include challenges in digital forensics, cryptography, web security, and so on.
• A flag could be a phrase hidden in a network packet, a timestamp in the metadata of a photo, or a cipher sewn into a quilt.
• Challenges will contain clues to point you toward a flag, as well as superfluous information to throw you off.
• Read through write-ups and blogs, and get familiar with basic programming skills.
• Keep track of various CTF events via ctftime.org and other well-known platforms.
6. CTF: TYPE OF EVENTS
Attack-Defense
In these events, teams defend a host PC while still trying to attack opposing teams' target PCs. Each team starts off with an allotted time for patching and securing the PC, trying to discover as many vulnerabilities as possible before the opposing attacking teams can strike. Teams receive points for staving off attacks from opposing teams and for successfully infiltrating other teams.
Jeopardy-style
Jeopardy-style CTFs present competitors with a set of questions that reveal clues that guide them in solving complex tasks in a specific order. Teams receive points for each solved task. The more difficult the task, the more points you can earn upon its successful completion.
Mix
A combination of both.
7. CTF: FLAVOURS
Steganography
Finding secret messages hidden in the form of a string, image or video file.
Crypto
Cracking a jumbled code and deciphering it.
PWN (Exploitation)
Find. Exploit. Takeover. Such challenges focus on finding and exploiting weaknesses in the given environment.
Reverse Engineering
Decoding the original source code, understanding it and creating new code from it.
WEB
Analyze website contents to find the flag.
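The Steganography flavour above is easiest to understand by doing it once in both directions. The following is an added example, not code from the original slides or from TeamMatrix: it hides a flag in the least-significant bit (LSB) of a constructed list of 8-bit grayscale pixel values, then recovers it the way a challenge solver would, by reading the LSB plane back and searching for the assumed `flag{...}` format. No image library is needed because the cover "image" is built inline.

```python
# Added example, not part of the original slides: a toy least-significant-bit
# (LSB) steganography round trip of the kind a CTF "Steganography" challenge
# is built on. The cover "image" is a constructed list of 8-bit grayscale
# pixel values, so no image library is required; the flag text is an assumption.
import re

FLAG_RE = re.compile(rb"flag\{[^}]*\}")   # assumed flag format


def embed_lsb(pixels, payload):
    """Write payload bits, MSB first, into the least-significant bit of
    successive pixels; a NUL byte terminates the hidden message."""
    data = payload + b"\x00"
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    stego = list(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # keep the 7 high bits, replace the LSB
    return stego


def extract_lsb(pixels):
    """Read LSBs back into bytes until the NUL terminator (or end of image)."""
    out = bytearray()
    for start in range(0, len(pixels) - 7, 8):
        byte = 0
        for px in pixels[start:start + 8]:
            byte = (byte << 1) | (px & 1)
        if byte == 0:
            break
        out.append(byte)
    return bytes(out)


def find_flag(pixels):
    """Return the flag string hidden in the LSB plane, or None if there is none."""
    match = FLAG_RE.search(extract_lsb(pixels))
    return match.group(0).decode() if match else None


def max_pixel_change(cover, stego):
    """Largest per-pixel difference; shows why LSB hiding is invisible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover image: 512 pixels following a simple deterministic pattern.
COVER = [(37 * i + 11) % 256 for i in range(512)]
STEGO = embed_lsb(COVER, b"note: flag{lsb_hides_but_does_not_encrypt}")

if __name__ == "__main__":
    print("hidden flag:", find_flag(STEGO))
    print("max pixel change:", max_pixel_change(COVER, STEGO))
    print("flag in clean cover:", find_flag(COVER))
```

The point the example makes beyond the slide: the hidden message changes no pixel by more than one intensity level, so it cannot be seen, but it is not secret in any cryptographic sense; anyone who reads the LSB plane gets it back, which is exactly why a solver starts by dumping the low bits.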
8. Red Team vs Blue Team
Red Team
Red Teams are internal or external entities dedicated to testing the effectiveness of a security program by emulating the tools and techniques of likely attackers in the most realistic way possible.
Blue Team
Blue Teams refer to the internal security team that defends against both real attackers and Red Teams. Blue Teams should be distinguished from standard security teams in most organizations, as most security operations teams do not have a mentality of constant vigilance against attack.
9. RED TEAM
Objective: Circumvent, Breach and Exploit
Attacks simulated by the Red team:
• Conduct remote attacks via the Internet, DNS tunneling, ICMP tunneling
• Intrusion attempts via insider threat
• VPN-based attacks
• Access card copy and strength test, identity spoof
• Attack on physical security
BLUE TEAM
Objective: Detect and prevent attacks, develop security controls
Control measures by the Blue team:
• Identify the type of attacks and intrusions on the systems
• Block the attacks before they succeed
• Stay alert for reactive or preventive action
• Train the security teams for identity spoof
• Monitor logs and SIEM config/alerts
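The Blue Team bullets "identify the type of attacks" and "monitor logs and SIEM alerts" become concrete once you write a detection rule and run it over log data. The following is an added example, not code from the original slides or from TeamMatrix: two small SIEM-style detections over constructed log lines, one counting failed logins per source (a coarse brute-force rule) and one flagging sources that repeatedly query DNS names with abnormally long labels, a simple indicator of the DNS tunneling named on the Red Team side. The log format, field names, thresholds and sample lines are all assumptions made for the example.

```python
# Added example, not part of the original slides: two simple SIEM-style
# detections run over constructed log lines, illustrating the Blue Team
# bullets "identify the type of attacks" and "monitor logs and alerts".
# Log format, field names, thresholds and sample lines are all assumptions.
import re
from collections import Counter

# Assumed log layouts (one event per line).
AUTH_RE = re.compile(r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<src>\S+)$")
DNS_RE = re.compile(r"^(?P<ts>\S+) dns: query (?P<qname>\S+) from (?P<src>\S+)$")

FAILED_LOGIN_THRESHOLD = 5   # failures from one source before alerting
DNS_LABEL_MAX = 40           # legitimate hostnames rarely carry labels this long
DNS_QUERY_THRESHOLD = 3      # oversized-label queries per source before alerting


def detect_bruteforce(lines, threshold=FAILED_LOGIN_THRESHOLD):
    """Count failed logins per source address; return sources at or over threshold."""
    failures = Counter()
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            failures[m["src"]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def detect_dns_tunneling(lines, label_max=DNS_LABEL_MAX, threshold=DNS_QUERY_THRESHOLD):
    """Flag sources that repeatedly query names with abnormally long labels,
    a coarse indicator of data being carried inside DNS queries."""
    suspicious = Counter()
    for line in lines:
        m = DNS_RE.match(line)
        if not m:
            continue
        labels = m["qname"].rstrip(".").split(".")
        if any(len(label) > label_max for label in labels):
            suspicious[m["src"]] += 1
    return {src: n for src, n in suspicious.items() if n >= threshold}


def build_alerts(lines):
    """Combine both detectors into (rule, source, count) tuples, as a SIEM rule would emit."""
    alerts = [("bruteforce", src, n) for src, n in detect_bruteforce(lines).items()]
    alerts += [("dns_tunneling", src, n) for src, n in detect_dns_tunneling(lines).items()]
    return sorted(alerts)


# Constructed sample logs using documentation address ranges and a reserved domain.
LONG_LABEL = "3b9f7c1e" * 6   # 48 characters, the kind of encoded blob a tunnel puts in a query
SAMPLE_LOGS = (
    [f"2024-06-01T10:00:0{i}Z sshd: Failed password for root from 203.0.113.7" for i in range(6)]
    + ["2024-06-01T10:00:07Z sshd: Failed password for alice from 198.51.100.4"]
    + [f"2024-06-01T10:01:0{i}Z dns: query {LONG_LABEL}.t.example.net from 10.0.0.23" for i in range(3)]
    + ["2024-06-01T10:01:03Z dns: query www.example.net from 10.0.0.8"]
)

if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_LOGS):
        print(alert)
```

Both rules are deliberately simple threshold counters, which is how most first SIEM use cases start; the thresholds are the part an analyst tunes against their own baseline, since a single failed login or one long CDN hostname is normal traffic and must not page anyone.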
10. REAL LIFE CASES
HEARTBLEED
Allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. Allows attackers to eavesdrop on communications and steal data.
Steganography
In the aftermath of 9/11, digitally embedded images were used by terrorists to communicate with each other. This modus operandi was cracked down on later.
Reverse Engineering
Some popular messenger applications are exploited by competing messenger applications: after every new release, the competitor application decodes it and shapes its own new releases accordingly.
11. WARGAMES
Wargames is a hackathon organized by Teammatrix, aimed at spreading awareness as well as developing a platform that engages beginners and corporates to play in a simulated environment.
• HEIST – Red Team vs Blue Team exercise.
• CTF – Challenges based on different flavours of CTF.
• JailBreak – Solve puzzles to break through the special jail.
12. Key Takeaways
• CTFs and similar challenges are brain teasers.
• It is important to hone the technical skills.
• Explore. Learn. Evolve.
• Cybersecurity is an ever-evolving domain; you need to stay ahead of the curve.
WARGAME Registration Link: www.teammatrix.org/wargames
Follow us: @teammatrix_scit