Collaboration Between Infosec Community and CERT Teams : Project Sonar case

•Download as ODP, PDF•

1 like•783 views

Along with their day-to-day duties, CERT/CSIRT teams need to be aware about the security state of their subscribers/clients. My goal here is to present this initiative named "Project Sonar", started by many members of the Infosec Community. Also, i would like to present an use case in which the collaboration between the CERT/CSIRT team and the Infosec Community can be more profitable for all of us. This use case will be based on an analysis of some data provided by Project Sonar.

Technology

Collaboration Between Infosec
Community and CERT Teams : Project
Sonar case

1

Summary
1- Intro
2- A little Flashback
3- Who is the Infosec Community ?
3- What is Project Sonar ?
4- How can it be useful for CERT/CSIRT ?
5- What can be done ?
6- Conclusion
2

INTRO
●

●

/me {
Valdes T. Nzalli | @valdesjo77
Co-Founder & Security Evangelist at
Cameroon Cyber Security
}
Cameroon Cyber Security : {
NGO Association,
Infosec Workshops, Trainings, Awareness
and Share ! | @camcybersec
www.camcybersec.cm
« Be Secure, Be Safe ! » }
3

A LITTLE FLASHBACK
Internet Census Map (Carna Botnet)

4

Who is the Infosec Community ?
●

Infosec Researchers

●

Infosec Products Builders / Vendors

●

Security Analysts worldwide

5

What is Project Sonar ?
●

Scanning Public Internet-facing Systems

●

Analyse datasets provided by Scans

●

Share result and datasets with IT Security
Community
Datasets Availables :
IPv4 TCP banners & UDP probe replies
IPv4 Reverse DNS PTR records
IPv4 SSL Certificates
6

What is Project Sonar ?
●

Public Vulnerabilities on UpnP device reveled

7

What is Project Sonar ?
Serial Console Port Services exposed
worldwide

8

What is Project Sonar ?

OpenSSH servers usage and vulnerabilities
frequency in Africa

9

How can it be useful for
CERT/CSIRT ?

10

How can it be useful for
CERT/CSIRT ?
●

Workforce reduced

●

More Specific Awareness Campaign

●

●

Improvement of the Global Cybersecurity
State
Pro-active Incident Response

11

What can be done ?
●

●

●

●

●

Working together with Infosec
Researchers/Products Builders
Define standard of communication with Infosec
Community
Grab Datasets available for « internal » usage
Analyse and use this Informations for their
customers
Also, share their information with Infosec
Community to improve global Cybersecurity
12

Conclusion
Useful Ressources :
●

●

●

●

Project Sonar free Datasets https://scans.io/
Internet Census Project
http://internetcensus2012.bitbucket.org/

Rapid7 Community : Welcome to Project Sonar
https://community.rapid7.com/community/infosec/sonar/blog/2
Additional : Shodan HQ : www.shodanhq.com

13

Similar to Collaboration Between Infosec Community and CERT Teams : Project Sonar case

Charles Lim - Honeynet Indonesia Chapter

Indonesia Honeynet Chapter

ION Belfast - Opening Slides - Chris Grundemann

Deploy360 Programme (Internet Society)

2 s tic-rina-2020-presentatie

Eduard Grasa

Umesh nfc login application for mobile devices29th nov

Umeshjamce

TFI2014 Conference Opening - ISOC Deployment & Operationalization

Colorado Internet Society (CO ISOC)

Pistoia Alliance Sequence Services Phase 2 Overview

Pistoia Alliance

PITA Working Group Meeting on Cybersecurity: Empowering the community to enha...

APNIC

On December 13 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products” as they were being actively exploited by malicious actors. Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach and mitigate any potential damage. Join him as he discusses: -What we know about the breach so far -How his clients have responded to the incident -What to look for in your environment to see if you’ve been affected

Solar winds supply chain breach - Insights from the trenches

Infosec

The Honeynet Project Introduction

Julia Yu-Chin Cheng

AARC Assurance Profiles for Kantara Initiative

kantarainitiative

Matteo meucci Software Security - Napoli 10112016

Minded Security

ScadaLab Project

JMBALBOA

We are all now experiencing that remote working and virtual conferencing are important tools to stay connected. Not just in current circumstances but also in the wider future. That is why it is important to offer an easy-to-use, efficient, and quick replacement. Nextcloud is a platform for complete online collaboration and communication and can help to quickly adept and stay connected. Nextcloud is built by Nextcloud GmbH that has employees in home-offices in 11 countries and the Nextcloud Community which is spread all over the world. This talk gives an inside look at how Nextcloud GmbH works together with the Nextcloud community-building Nextcloud. It covers different communication channels that work for synchronous and asynchronous communication, how coordination in distributed teams works, and how good and efficient collaboration around documents is possible. Additionally, but also very important to share, this talk covers some of the challenges and solutions on how to successfully work across different countries, time zones, languages, and cultures.

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

NETWAYS

Getting Started with Splunk Breakout Session

Splunk

The Neuroinformatics community in OpenAIRE Connect (Presentation by Sorina Po...

OpenAIRE

ONF Snapshot

US-Ignite

In this video from the 2019 EasyBuild User Meeting, Kenneth Hoste from the University of Ghent presents: EasyBuild State of the Union. EasyBuild is a software build and installation framework that allows you to manage (scientific) software on HPC systems in an efficient way. It is motivated by the need for a tool that combines the following features: a flexible framework for building/installing (scientific) software fully automates software builds divert from the standard configure / make / make install with custom procedures allows for easily reproducing previous builds keep the software build recipes/specifications simple and human-readable supports co-existence of versions/builds via dedicated installation prefix and module files enables sharing with the HPC community (win-win situation) automagic dependency resolution retain logs for traceability of the build processes Learn more: https://indico.cism.ucl.ac.be/event/4/timetable/#all.detailed and https://github.com/easybuilders/easybuild Sign up for our insideHPC Events Calendar: http://insidehpc.com/newsletter

EasyBuild State of the Union

inside-BigData.com

Monitoring indonesia darknets - Revealing the unseen security intrusion

Charles Lim

Great Open Source Compliance For Everyone (Version 3)

Shane Coughlan

Why Johnny Can't Blow the Whistle

gregnorc

Similar to Collaboration Between Infosec Community and CERT Teams : Project Sonar case (20)

Charles Lim - Honeynet Indonesia Chapter

ION Belfast - Opening Slides - Chris Grundemann

2 s tic-rina-2020-presentatie

Umesh nfc login application for mobile devices29th nov

TFI2014 Conference Opening - ISOC Deployment & Operationalization

Pistoia Alliance Sequence Services Phase 2 Overview

PITA Working Group Meeting on Cybersecurity: Empowering the community to enha...

Solar winds supply chain breach - Insights from the trenches

The Honeynet Project Introduction

AARC Assurance Profiles for Kantara Initiative

Matteo meucci Software Security - Napoli 10112016

ScadaLab Project

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

Getting Started with Splunk Breakout Session

The Neuroinformatics community in OpenAIRE Connect (Presentation by Sorina Po...

ONF Snapshot

EasyBuild State of the Union

Monitoring indonesia darknets - Revealing the unseen security intrusion

Great Open Source Compliance For Everyone (Version 3)

Why Johnny Can't Blow the Whistle

More from Valdes Nzalli

#OpenData DevFest18

Valdes Nzalli

Pénétration de l'Internet en Afrique : Qu'en est-il des équipements ?

Valdes Nzalli

De plus en plus d'équipements se retrouvent de nos jours connecté à Internet, la baisse des prix de la bande passante aidant, il est dorénavant plus facile d'héberger par exemple un service soit même. Mais cette croissance n'est pas la même pour les mesures de sécurité appliquées aux équipements connectés. Notre exposé aura pour but de révéler les statistiques d'un audit de l'internet en Afrique sur une durée mensuelle. Il nous a ainsi été possible d'identifier plusieurs cas comme les machines membres de botnets, des serveur ouverts au public mais non patchés et bien d'autres. De ces résultats nous avons fait un classement par pays, Application, Système,... ainsi que leur fréquence.

Etude Statistique d'un mois de Vulnérabilités en Afrique

Valdes Nzalli

Suite aux révélations sur les programmes de renseignement massif des agences Gouvernementales outre-mer en Juin dernier, les réactions de part et d'autres se sont fait entendre un peu partout et en particulier dans la sphère Internet Africaine. Cette Etude est une enquête sur les issues générées par cet état de choses ; notamment savoir quelles ont été les mesures mises en place par les gouvernements, Entreprises et Internautes Africains pour ce prémunir de ce phénomène. Par ailleurs, il sera question de savoir quel est l'impact et l'efficacité des mesures prises par les uns et les autres. Sont-elle efficientes?! comment peuvent-elle être améliorée ? sont là les questions qui trouverons réponses au cours de cet exposé.

Internet et Vie Privée Analyse des comportements en Afrique après PRISM

Valdes Nzalli

Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1

Valdes Nzalli

Valdes cyberguerre-barcamp2012

Valdes Nzalli

Valdes securite des application - barcamp2012

Valdes Nzalli

Government can save millions by reforming Security Policy

Valdes Nzalli

Cercle gt f-ssi_white_paper_finale5

Valdes Nzalli

Rapport GEULLIC du 24-04-2011

Valdes Nzalli

Logiciels libres cameroun m1

Valdes Nzalli

Presentation communaute (Cahier de Charg

Valdes Nzalli

More from Valdes Nzalli (12)

#OpenData DevFest18

Pénétration de l'Internet en Afrique : Qu'en est-il des équipements ?

Etude Statistique d'un mois de Vulnérabilités en Afrique

Internet et Vie Privée Analyse des comportements en Afrique après PRISM

Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1

Valdes cyberguerre-barcamp2012

Valdes securite des application - barcamp2012

Government can save millions by reforming Security Policy

Cercle gt f-ssi_white_paper_finale5

Rapport GEULLIC du 24-04-2011

Logiciels libres cameroun m1

Presentation communaute (Cahier de Charg

Recently uploaded

Speed Wins: From Kafka to APIs in Minutes

confluent

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

IoT Analytics Company Presentation May 2024

IoTAnalytics

You’ve heard good data matters in Machine Learning, but does it matter for Generative AI applications? Corporate data often differs significantly from the general Internet data used to train most foundation models. Join me for a demo on building an open source RAG (Retrieval Augmented Generation) stack using Milvus vector database for Retrieval, LangChain, Llama 3 with Ollama, Ragas RAG Eval, and optional Zilliz cloud, OpenAI.

Introduction to Open Source RAG and RAG Evaluation

Zilliz

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Ever caught yourself nodding along when someone mentions "delivering value" in Agile, but secretly wondering what the heck they actually mean? You're not alone! Join us for an eye-opening session where we'll strip away the buzzwords and dive into the heart of Agile—value delivery. But what is "value"? Is it a mythical unicorn in the world of software development, or is there more to this overused term? This isn't going to be a sit-and-get lecture. We're talking about a face-to-face, interactive meetup where YOU play a crucial role. Come along to: Define It: What does "value" really mean? We’ll build a definition that’s not just words, but a compass for your Agile journey. Contextualise It: Discover what value means specifically to you, your team, your company, and your industry. Because one size does not fit all. Deliver It: Share strategies and gather new ones for uncovering and delivering true value—no more shooting in the dark!

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

David Michel

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

IESVE for Early Stage Design and Planning

IES VE

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Unlock the mysteries of successful Salesforce interviews in this insightful session hosted by Hugo Rosario (Salesforce Customer), a seasoned hiring manager that leads the Salesforce Department of multinational company with over 100 interviews under their belt. Step into the manager's chair and gain exclusive behind-the-scenes insights into what makes a Salesforce consultant stand out during the interview process. From deciphering the unspoken cues to mastering key strategies, we'll explore the intricacies of the interview process and provide practical tips for consultants looking to not only pass interviews but also thrive in their roles. Whether you're a seasoned professional or just starting your Salesforce journey, this session is your backstage pass to the secrets that hiring managers wish you knew.

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

CzechDreamin

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Recently uploaded (20)

Speed Wins: From Kafka to APIs in Minutes

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

IoT Analytics Company Presentation May 2024

Introduction to Open Source RAG and RAG Evaluation

Designing Great Products: The Power of Design and Leadership by Chief Designe...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

UiPath Test Automation using UiPath Test Suite series, part 2

IESVE for Early Stage Design and Planning

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Powerful Start- the Key to Project Success, Barbara Laskowska

UiPath Test Automation using UiPath Test Suite series, part 3

How world-class product teams are winning in the AI era by CEO and Founder, P...

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

ODC, Data Fabric and Architecture User Group

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

Bits & Pixels using AI for Good.........

In-Depth Performance Testing Guide for IT Professionals

Connector Corner: Automate dynamic content and events by pushing a button

Collaboration Between Infosec Community and CERT Teams : Project Sonar case

1. Collaboration Between Infosec Community and CERT Teams : Project Sonar case 1

2. Summary 1- Intro 2- A little Flashback 3- Who is the Infosec Community ? 3- What is Project Sonar ? 4- How can it be useful for CERT/CSIRT ? 5- What can be done ? 6- Conclusion 2

3. INTRO ● ● /me { Valdes T. Nzalli | @valdesjo77 Co-Founder & Security Evangelist at Cameroon Cyber Security } Cameroon Cyber Security : { NGO Association, Infosec Workshops, Trainings, Awareness and Share ! | @camcybersec www.camcybersec.cm « Be Secure, Be Safe ! » } 3

4. A LITTLE FLASHBACK Internet Census Map (Carna Botnet) 4

5. Who is the Infosec Community ? ● Infosec Researchers ● Infosec Products Builders / Vendors ● Security Analysts worldwide 5

6. What is Project Sonar ? ● Scanning Public Internet-facing Systems ● Analyse datasets provided by Scans ● Share result and datasets with IT Security Community Datasets Availables : IPv4 TCP banners & UDP probe replies IPv4 Reverse DNS PTR records IPv4 SSL Certificates 6

7. What is Project Sonar ? ● Public Vulnerabilities on UpnP device reveled 7

8. What is Project Sonar ? Serial Console Port Services exposed worldwide 8

9. What is Project Sonar ? OpenSSH servers usage and vulnerabilities frequency in Africa 9

10. How can it be useful for CERT/CSIRT ? 10

11. How can it be useful for CERT/CSIRT ? ● Workforce reduced ● More Specific Awareness Campaign ● ● Improvement of the Global Cybersecurity State Pro-active Incident Response 11

12. What can be done ? ● ● ● ● ● Working together with Infosec Researchers/Products Builders Define standard of communication with Infosec Community Grab Datasets available for « internal » usage Analyse and use this Informations for their customers Also, share their information with Infosec Community to improve global Cybersecurity 12

13. Conclusion Useful Ressources : ● ● ● ● Project Sonar free Datasets https://scans.io/ Internet Census Project http://internetcensus2012.bitbucket.org/ Rapid7 Community : Welcome to Project Sonar https://community.rapid7.com/community/infosec/sonar/blog/2 Additional : Shodan HQ : www.shodanhq.com 13

Collaboration Between Infosec Community and CERT Teams : Project Sonar case

Recommended

Recommended

More Related Content

Similar to Collaboration Between Infosec Community and CERT Teams : Project Sonar case

Similar to Collaboration Between Infosec Community and CERT Teams : Project Sonar case (20)

More from Valdes Nzalli

More from Valdes Nzalli (12)

Recently uploaded

Recently uploaded (20)

Collaboration Between Infosec Community and CERT Teams : Project Sonar case