Automated, Collection, and Enrichment (ACE)

•

5 likes•2,373 views

Blackhat Arsenal Presentation introducing the Automated, Collection, and Enrichment (ACE) platform which is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich the data.

Technology

Automated Collection &
Enrichment (ACE)
Jared Atkinson & Robby Winchester

Overview
● Concept
● Setup
○ System Requirements
○ Architecture
○ System Management
● Collection
● Automation
● Enrichment
● Data Export
● Future

What is ACE
● An open source solution that enables agentless threat
hunting in an environment
● Allows for scanning of remote Windows and macOS/Linux
systems
○ Only requires Local Admin access
○ macOS requires SSH enabled for a “sudoer” account
● Can perform host scans or be scheduled for routine use in
an enterprise

Why ACE?
● As consultants performing Compromise Assessments, we
rarely have the authority or ability to alter a
customer’s environment to support assessment operations
● No external dependencies or agent to install
● Executes solely in memory with nothing being written to
disk
● JSON formatted output allows for easy ingestion into SIEM
of choice
● It’s free!

Architecture Overview
Scan to Target Systems
Download Script & Return Results
Enriched Data
Target Network
Management
System
Scan Tasking
ACE

ACE Architecture
Enrichments
- Enriches scan data
- Outputs data from ACE
ACE Management
- Hosts users/computers/creds
- Backend management of ACE
Web Server
- Initiates scan activity
- Hosts scanning scripts
- Receives host data
Management
System
- Performs tasking

System Management
● Users - Internal ACE system accounts
○ Create, Enumerate, Remove, Update
● Credentials - Credentials to target systems
○ Add, Enumerate
● Scripts - Scans being run on remote systems
○ Add, Enumerate
● Computers - Computers in target environment
○ AD & Computer List Discovery

System Management
Web Server
Enrichments
ACE Management
Management
System
Add/R
em
ove
AC
E
O
bjects
ACE information
(Users/Credentials/Computers)
Discovery

Automation
● Architecture of ACE allows for easy configuration and use
● Schedule scans
○ Time in future
○ Repeat Scan ‘x’ times at ‘y’ interval
○ Can specify desired scripts/computers per scan
● Take care of collection process behind the scenes
○ Tasking and script execution
○ Upload of completed scan data

Automation
Web Server
Download
Scripts
Scheduling
Results
Enrichments
ACE Management
Management
System
Relay
Tasking
Access ACE Information for Scan

Collection
● Scripts
○ Windows - PowerShell (PS v2 compatible)
○ macOS/Linux - Python (2.7 with no dependencies)
● Downloaded and executed from the Web Server
● Results uploaded to web server via HTTPS POST requests

Collection
Web Server
Download
Scripts
Scan
Taskings
Results
Enrichments
ACE Management
Management
System
Relay
Tasking
Access ACE Information for Scan

Enrichment
● RabbitMQ messaging system used for enrichment
○ Queues and exchanges used to manage the data
○ Uses AMQP 0.9.1 messaging protocol
● Currently supports public API VirusTotal enrichment
● Allows for easy additional custom enrichments
○ Currently all written in C#, however RabbitMQ is supported in Python,
Java, Ruby, PHP, JavaScript, Go, Elixir, Objective-C, Swift, and
Spring AMQP

Enrichment
Web Server
Scan
Results
Enrichments
ACE Management
Management
System
Scan Results for Enrichment
Enriched Data

Pre_Hash
File
SIEM
X
ACE
Exchange
VirusTotal
Hash Match
C
FileWriter
C
SIEM
P
ACE Web
Server
C/P
RabbitMQ Enrichment Process

Data Export
● Enriched data can currently be exported from ACE two ways
○ Pulled from a RabbitMQ Queue straight to a SIEM (such as ELK)
■ Logstash can map to RabbitMQ input
○ Written out to flat files
● All data is formatted as one object per line flat JSON
○ Easily can import into SIEM of choice for analysis

Future Enhancements
● Simplified Deployment - 4 Aug
● Sweep Tracking - ~2 months
● Additional Scanning Scripts - Ongoing
○ Add wider Linux/Unix support
○ Additional Windows scripts
● Additional Protocol Support - Ongoing
● Additional Enrichments - Ongoing
○ IP Reputation
● Web GUI - TBD

___________________________________________ Meetup#7 | Session 2 | 21/03/2018 | Taboola _____________________________________________ In this talk, we will present our multi-DC Kafka architecture, and discuss how we tackle sending and handling 10B+ messages per day, with maximum availability and no tolerance for data loss. Our architecture includes technologies such as Cassandra, Spark, HDFS, and Vertica - with Kafka as the backbone that feeds them all.

Prometheus casual talk1

wyukawa

API Facade Pattern with Apache Synapse

Hiranya Jayathilaka

Prometheus

Mike Frampton

This presentation gives an overview of the Prometheus project. It explains Prometheus in terms of it's visualisation, time series processing capabilities and architecture. It also examines it's query language PromQL. Links for further information and connecting http://www.amazon.com/Michael-Frampton/e/B00NIQDOOM/ https://nz.linkedin.com/pub/mike-frampton/20/630/385 https://open-source-systems.blogspot.com/

HTTP Analytics for 6M requests per second using ClickHouse

Alexander Bocharov

How fast is it?

Patrick Meenan

Monitoring Kafka w/ Prometheus

kawamuray

Prometheus on AWS

Mitsuhiro Tanda

Administrative techniques to reduce Kafka costs | Anna Kepler, Viasat

HostedbyConfluent

When your Kafka clusters start growing so is the cost associated with them. As administrators we have to ensure that the service we support is operating in the most reliable way to satisfy the customers. However, for our business it is as important that we ensure the same service is also cost-efficient. There are two ways we can optimize the cost of service – tuning broker machines and tuning the data transfers. Minimizing data transfer is the largest return on investment since that is what accounts for the most spend. With the use of Kafka administrative tools and metrics we can find multiple ways to reduce the data transfers in the clusters. The presentation will cover various techniques administrators of Kafka service can employ to reduce the data transfers and to save the operational costs. Reducing cross-AZ traffic, optimizing batching with use of DumpLogSegment script, utilizing Kafka metrics to shut down unused data streams and more. With an objective of making our Kafka deployment as cost effective as possible, we have gained money saving tricks. And we would love to share them with the community.

Apache Kafka : Monitoring vs Alerting

Ratish Ravindran

Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day

Ankur Bansal

Building data pipelines is pretty hard! Building a multi-datacenter active-active real time data pipeline for multiple classes of data with different durability, latency and availability guarantees is much harder. Real time infrastructure powers critical pieces of Uber (think Surge) and in this talk we will discuss our architecture, technical challenges, learnings and how a blend of open source infrastructure (Apache Kafka and Samza) and in-house technologies have helped Uber scale.

Disaster Recovery for Multi-Region Apache Kafka Ecosystems at Uber

confluent

Speaker: Yupeng Fu, Staff Engineer, Uber High availability and reliability are important requirements to Uber services, and the services shall tolerate datacenter failures in a region and fail over to another region. In this talk, we will present the active-active Apache Kafka® at Uber and how it facilitates disaster discovery across regions for Uber services. In particular, we will highlight the key components including topic replication, topic aggregation, offsets sync and then walk through several use cases of their disaster recovery strategy using active-active Kafka. Lastly, we will present several interesting challenges and the future work planned. Yupeng Fu is a staff engineer in Uber Data Org leading the streaming data platform. Previously, he worked at Alluxio and Palantir, building distributed data analysis and storage platforms. Yupeng holds a B.S. and an M.S. from Tsinghua University and did his Ph.D. research on databases at UCSD.

ConsulAriel Moskovich

Flink Forward Berlin 2017: Maciek Próchniak - TouK Nussknacker - creating Fli...

Flink Forward

Last year we (TouK) introduced Flink in one of the biggest polish telcoms in the domain of real time marketing and fraud detection. One of the most significant problems in adoption was lack of programming skills at our client - the users were supposed to be analytics/business people. Therefore, we developed a custom platform - TouK Nussknacker - which allows users to design processes with GUI by drawing diagrams. Our project is going to be open-sourced soon - this will happen before Flink Forward. We believe it can make stream processing with Flink more accessible in many use cases, especially in companies that don't have their own development teams. During the talk I’m going to describe architecture of our platform, why we made certain design decisions and about our future plans. I’ll also describe our experiences - when being able to use GUI is great and when it’s better to develop jobs as normal code. If time permits I’ll also show a quick demo of our solution.

Monitoring Kubernetes with Prometheus

Tobias Schmidt

Service Discovery with Consul - Arunvel Arunachalam

Neependra Khare

Integration Of Mulesoft and Apache Active MQ

Gaurav Talwadker

Monitoring a Kubernetes-backed microservice architecture with Prometheus

Fabian Reinartz

As many startups of the last decade, SoundCloud’s architecture started as a Ruby-on-Rails monolith, which later had to be broken into microservices to cope with the growing size and complexity of the site. The microservices initially ran on an in-house container management and deployment platform. Recently, the company has started to migrate to Kubernetes. With the introduction of microservices, the existing conventional monitoring setup failed both conceptually and in terms of scalability. Thus, starting in 2012, SoundCloud invested heavily into the development of the open-source monitoring system Prometheus, which was designed for large-scale highly dynamic service-oriented architectures. Migrating to Kubernetes, it became apparent that Prometheus and Kubernetes are a match made in open-source heaven. The talk will demonstrate the current Prometheus setup at SoundCloud, monitoring a large-scale Kubernetes cluster.

ICANN DNS Symposium (IDS 2019): RDAP CDN Distribution Experience

APNIC

WSO2Con USA 2015: Deployment Patterns and Capacity Planning

WSO2

Identifying the right deployment architecture is key when providing smooth operation of a production system. Deployment architecture is important for providing non-functional requirements such as availability, scalability and security for an enterprise software solution. In addition to those, a deployment architecture is key when supporting future business and technical requirements. Deployment patterns are a way to quickly determine best practices from production deployments identified from different industry verticals. After identifying the correct deployment architecture, it’s crucial to determine the size of the deployment by understanding the number of servers/VMs/containers necessary to support the minimum, average and possible maximum load that the system is expected to handle. This capacity planning session will discuss how to take a fact based approach to determine the size of your deployment.

Red Hat Forum Tokyo - OpenStack Architecture Design

Dan Radez

Designing for operability and managability

Gaurav Bahrani

What's hot

Distributed Kafka Architecture Taboola Scale

Apache Kafka TLV

Prometheus casual talk1

wyukawa

API Facade Pattern with Apache Synapse

Hiranya Jayathilaka

Prometheus

Mike Frampton

HTTP Analytics for 6M requests per second using ClickHouse

Alexander Bocharov

How fast is it?

Patrick Meenan

Monitoring Kafka w/ Prometheus

kawamuray

Prometheus on AWS

Mitsuhiro Tanda

Administrative techniques to reduce Kafka costs | Anna Kepler, Viasat

HostedbyConfluent

Apache Kafka : Monitoring vs Alerting

Ratish Ravindran

Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day

Ankur Bansal

Disaster Recovery for Multi-Region Apache Kafka Ecosystems at Uber

confluent

ConsulAriel Moskovich

Flink Forward Berlin 2017: Maciek Próchniak - TouK Nussknacker - creating Fli...

Flink Forward

Monitoring Kubernetes with Prometheus

Tobias Schmidt

Service Discovery with Consul - Arunvel Arunachalam

Neependra Khare

Integration Of Mulesoft and Apache Active MQ

Gaurav Talwadker

Monitoring a Kubernetes-backed microservice architecture with Prometheus

Fabian Reinartz

ICANN DNS Symposium (IDS 2019): RDAP CDN Distribution Experience

APNIC

WSO2Con USA 2015: Deployment Patterns and Capacity Planning

WSO2

What's hot (20)

Distributed Kafka Architecture Taboola Scale

Prometheus casual talk1

API Facade Pattern with Apache Synapse

Prometheus

HTTP Analytics for 6M requests per second using ClickHouse

How fast is it?

Monitoring Kafka w/ Prometheus

Prometheus on AWS

Administrative techniques to reduce Kafka costs | Anna Kepler, Viasat

Apache Kafka : Monitoring vs Alerting

Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day

Disaster Recovery for Multi-Region Apache Kafka Ecosystems at Uber

Consul

Flink Forward Berlin 2017: Maciek Próchniak - TouK Nussknacker - creating Fli...

Monitoring Kubernetes with Prometheus

Service Discovery with Consul - Arunvel Arunachalam

Integration Of Mulesoft and Apache Active MQ

Monitoring a Kubernetes-backed microservice architecture with Prometheus

ICANN DNS Symposium (IDS 2019): RDAP CDN Distribution Experience

WSO2Con USA 2015: Deployment Patterns and Capacity Planning

Similar to Automated, Collection, and Enrichment (ACE)

Red Hat Forum Tokyo - OpenStack Architecture Design

Dan Radez

Designing for operability and managability

Gaurav Bahrani

Open Audit

ncspa

Scaling 100PB Data Warehouse in Cloud

Changshu Liu

Exploring the Final Frontier of Data Center Orchestration: Network Elements -...

Puppet

Infra / Cont delivery - 3rd party automation

Shay Cohen

2009-08-24 Managing your Red Hat Enterprise Linux Guests with RHN Satellite

Shawn Wells

Bare Metal Provisioning for Big Data - OpenStack最新情報セミナー(2016年12月)

VirtualTech Japan Inc.

AWS_Community_Day_2023-Chathra Serasinghe.pptx

ChathraSerasinghe2

It is common for enterprises to give a high priority to security and compliance, as these are critical concerns for businesses of all sizes. One way that enterprises can address these concerns is by leveraging agent-based security and compliance tools. This ppt explains about the solution which helps to centrally deploy agents to all SSM managed workloads that enable a variety of use cases, such as endpoint security, threat intelligence, software asset management, inventory, license management, etc.

Creating an open source load balancer for S3

Anders Bruvik

slides (PPT)webhostingguy

How Docker Accelerates Continuous Development at ironSource: Containers #101 ...

Brittany Ingram

Containers 101 meetup talk recording posted here- https://codefresh.io/blog/containers-101-meetup-docker-accelerates-continuous-development/ Shimon Tolts, General Manager/ CTO of Data Solutions at ironSouce, joined us to talk about how they leverage Docker to simplify their workflow and deliver Big Data solutions to their customers faster. He shared their experience running Docker containers in production and how they took one of their base systems, considered "the backbone of the company," and transformed it using containers.

Silverstripe at scale - design & architecture for silverstripe applications

BrettTasker

ENT401 Deep Dive with Amazon EC2 Systems Manager

Amazon Web Services

Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.

PcpReanimation Bk

Server Monitoring from the Cloud

Site24x7

EPM Automate - Automating Enterprise Performance Management Cloud Solutions

Joseph Alaimo Jr

USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month

Nicolas Brousse

TubeMogul grew from few servers to over two thousands servers and handling over one trillion http requests a month, processed in less than 50ms each. To keep up with the fast growth, the SRE team had to implement an efficient Continuous Delivery infrastructure that allowed to do over 10,000 puppet deployment and 8,500 application deployment in 2014. In this presentation, we will cover the nuts and bolts of the TubeMogul operations engineering team and how they overcome challenges.

What's new in NGINX Plus R19

NGINX, Inc.

Test rate limits in dry-run mode and monitor NGINX Plus using advanced metrics with NGINX Plus R19. On-Demand Link: https://www.nginx.com/resources/webinars/whats-new-nginx-plus-r19/ Watch this webinar to learn: - How to monitor your NGINX Plus ecosystem with fine-grained insights using advanced metrics - About dynamically blacklisting IP address ranges in the key-value Store - How to apply different bandwidth limits based on attributes of incoming traffic - About testing rate limits in dry-run mode

SCCM 2007 Introduction - PICC 2012

capriguy84

Similar to Automated, Collection, and Enrichment (ACE) (20)

Red Hat Forum Tokyo - OpenStack Architecture Design

Designing for operability and managability

Open Audit

Scaling 100PB Data Warehouse in Cloud

Exploring the Final Frontier of Data Center Orchestration: Network Elements -...

Infra / Cont delivery - 3rd party automation

2009-08-24 Managing your Red Hat Enterprise Linux Guests with RHN Satellite

Bare Metal Provisioning for Big Data - OpenStack最新情報セミナー(2016年12月)

AWS_Community_Day_2023-Chathra Serasinghe.pptx

Creating an open source load balancer for S3

slides (PPT)

How Docker Accelerates Continuous Development at ironSource: Containers #101 ...

Silverstripe at scale - design & architecture for silverstripe applications

ENT401 Deep Dive with Amazon EC2 Systems Manager

Pcp

Server Monitoring from the Cloud

EPM Automate - Automating Enterprise Performance Management Cloud Solutions

USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month

What's new in NGINX Plus R19

SCCM 2007 Introduction - PICC 2012

More from Jared Atkinson

Red + Blue, How Purple Are You

Jared Atkinson

Have you heard about Purple Teaming, but you were unsure of exactly what it is? Maybe you've heard it explained as "the red and blue teams working together to improve the organization's security posture." While that may be a good high level description of Purple Teaming as a concept, it lacks a clear direction of how this outcome is achieved. As they say, "The Devil is in the details." At SpecterOps, we believe that a Purple Team exercise is one that leverages an adversarial mindset to evaluate the overall efficacy of security controls, whether they are detective or preventative. Join us for an hour-long webinar where we will dive into the major questions regarding Purple Team including: - Why small changes in adversary tradecraft have a profound effect on detectability. - How to map variations between tools that implement the same technique. - How to construct a representative sample set of test cases.

Mapping Detection Coverage

Jared Atkinson

In this presentation, Jared Atkinson and Jonathan Johnson discuss the problem that many security professionals are facing today. How exactly do I know if my detection will actually detect the thing I want to detect? We discuss the importance of testing telemetry coverage and using abstraction to build a representative sample set of Atomic tests to validate detection coverage. Scripts used in presentation can be found below: Process Access: https://gist.github.com/jaredcatkinson/9c7a1af2261a752432230a4148ecfe02 Process Read: https://github.com/redcanaryco/AtomicTestHarnesses/blob/master/Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.ps1

Paranoia 2018: A Process is No One

Jared Atkinson

A Process is No One - Jared Atkinson and Robby Winchester Does your organization want to start Threat Hunting, but you're not sure how to begin? Most people start with collecting ALL THE DATA, but data means nothing if you're not able to analyze it properly. This talk begins with the often overlooked first step of hunt hypothesis generation which can help guide targeted collection and analysis of forensic artifacts. We will demonstrate how to use the MITRE ATTACK Framework and our five-phase Hypothesis Generation Process to develop actionable hunt processes, narrowing the scope of your Hunt operation and avoiding "analysis paralysis." We will then walk through a detailed case study of detecting access token impersonation/manipulation from concept to technical execution by way of the Hypothesis Generation Process. Along the way, we will detail some of the most common access token manipulations in use and detail the defensive detection implications for each of these cases. This comprehensive case study will better arm both attackers and defenders with how to better utilize their toolset to detect or avoid detection of token theft and manipulation.

Purpose Driven Hunt (DerbyCon 2017)

Jared Atkinson

Does your organization want to start Threat Hunting, but you’re not sure how to begin? Most people start with collecting ALL THE DATA, but data means nothing if you’re not able to analyze it properly. This talk focuses on the often overlooked first step of hunt hypothesis generation which can help guide targeted collection and analysis of forensic artifacts. We will demonstrate how to use the MITRE ATTACK Framework and our five-phase Hypothesis Generation Process to develop actionable hunt processes, narrowing the scope of your Hunt operation and avoiding “analysis paralysis.” We will then walk through a case study of Golden Ticket detection from concept to technical execution by way of the Hypothesis Generation Process. Along the way, we will detail some of the most common Golden Ticket indicators and will release a new PowerShell script for extracting Kerberos ticket information without any dependencies on external binaries.

BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)

Jared Atkinson

44CON London 2015: Old Dog, New Tricks: Forensics with PowerShell

Jared Atkinson

44CON London 2015: NTFS Analysis with PowerForensics

Jared Atkinson

More from Jared Atkinson (7)

Red + Blue, How Purple Are You

Mapping Detection Coverage

Paranoia 2018: A Process is No One

Purpose Driven Hunt (DerbyCon 2017)

BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)

44CON London 2015: Old Dog, New Tricks: Forensics with PowerShell

44CON London 2015: NTFS Analysis with PowerForensics

Recently uploaded

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

RESUME BUILDER APPLICATION Project for students

KAMESHS29

Free Complete Python - A step towards Data Science

RinaMondal9

UiPath Community Day Dubai: AI at Work..

UiPathCommunity

Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking. 📕 Curious on our agenda? Wait no more! 10:00 Welcome note - UiPath Community in Dubai Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank 10:20 A UiPath cross-region MEA overview Ashraf El Zarka, VP and Managing Director MEA, UiPath 10:35: Customer Success Journey Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank 11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more Boris Krumrey, Global VP, Automation Innovation, UiPath 12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services. Brendan Lingam, Director of Sales and Business Development, Marc Ellis

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPathCommunity

In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni. 📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath: Autopilot per Studio Web Autopilot per Studio Autopilot per Apps Clipboard AI GenAI applicata alla Document Understanding 👨‍🏫👨‍💻 Speakers: Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath Andrei Tasca, RPA Solutions Team Lead @NTT Data

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

The Metaverse and AI: how can decision-makers harness the Metaverse for their...

Jen Stirrup

The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives? How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Recently uploaded (20)

GraphRAG is All You need? LLM & Knowledge Graph

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

The Art of the Pitch: WordPress Relationships and Sales

RESUME BUILDER APPLICATION Project for students

Free Complete Python - A step towards Data Science

UiPath Community Day Dubai: AI at Work..

PCI PIN Basics Webinar from the Controlcase Team

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

Leading Change strategies and insights for effective change management pdf 1.pdf

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

Monitoring Java Application Security with JDK Tools and JFR Events

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Removing Uninteresting Bytes in Software Fuzzing

The Metaverse and AI: how can decision-makers harness the Metaverse for their...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

FIDO Alliance Osaka Seminar: Overview.pdf

Assure Contact Center Experiences for Your Customers With ThousandEyes

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

UiPath Test Automation using UiPath Test Suite series, part 4

Automated, Collection, and Enrichment (ACE)

1. Automated Collection & Enrichment (ACE) Jared Atkinson & Robby Winchester

2. Overview ● Concept ● Setup ○ System Requirements ○ Architecture ○ System Management ● Collection ● Automation ● Enrichment ● Data Export ● Future

3. What is ACE ● An open source solution that enables agentless threat hunting in an environment ● Allows for scanning of remote Windows and macOS/Linux systems ○ Only requires Local Admin access ○ macOS requires SSH enabled for a “sudoer” account ● Can perform host scans or be scheduled for routine use in an enterprise

4. Why ACE? ● As consultants performing Compromise Assessments, we rarely have the authority or ability to alter a customer’s environment to support assessment operations ● No external dependencies or agent to install ● Executes solely in memory with nothing being written to disk ● JSON formatted output allows for easy ingestion into SIEM of choice ● It’s free!

5. Architecture Overview Scan to Target Systems Download Script & Return Results Enriched Data Target Network Management System Scan Tasking ACE

6. ACE Architecture Enrichments - Enriches scan data - Outputs data from ACE ACE Management - Hosts users/computers/creds - Backend management of ACE Web Server - Initiates scan activity - Hosts scanning scripts - Receives host data Management System - Performs tasking

7. System Management ● Users - Internal ACE system accounts ○ Create, Enumerate, Remove, Update ● Credentials - Credentials to target systems ○ Add, Enumerate ● Scripts - Scans being run on remote systems ○ Add, Enumerate ● Computers - Computers in target environment ○ AD & Computer List Discovery

8. System Management Web Server Enrichments ACE Management Management System Add/R em ove AC E O bjects ACE information (Users/Credentials/Computers) Discovery

9. Automation ● Architecture of ACE allows for easy configuration and use ● Schedule scans ○ Time in future ○ Repeat Scan ‘x’ times at ‘y’ interval ○ Can specify desired scripts/computers per scan ● Take care of collection process behind the scenes ○ Tasking and script execution ○ Upload of completed scan data

10. Automation Web Server Download Scripts Scheduling Results Enrichments ACE Management Management System Relay Tasking Access ACE Information for Scan

11. Collection ● Scripts ○ Windows - PowerShell (PS v2 compatible) ○ macOS/Linux - Python (2.7 with no dependencies) ● Downloaded and executed from the Web Server ● Results uploaded to web server via HTTPS POST requests

12. Collection Web Server Download Scripts Scan Taskings Results Enrichments ACE Management Management System Relay Tasking Access ACE Information for Scan

13. Enrichment ● RabbitMQ messaging system used for enrichment ○ Queues and exchanges used to manage the data ○ Uses AMQP 0.9.1 messaging protocol ● Currently supports public API VirusTotal enrichment ● Allows for easy additional custom enrichments ○ Currently all written in C#, however RabbitMQ is supported in Python, Java, Ruby, PHP, JavaScript, Go, Elixir, Objective-C, Swift, and Spring AMQP

14. Enrichment Web Server Scan Results Enrichments ACE Management Management System Scan Results for Enrichment Enriched Data

15. Pre_Hash File SIEM X ACE Exchange VirusTotal Hash Match C FileWriter C SIEM P ACE Web Server C/P RabbitMQ Enrichment Process

16. Data Export ● Enriched data can currently be exported from ACE two ways ○ Pulled from a RabbitMQ Queue straight to a SIEM (such as ELK) ■ Logstash can map to RabbitMQ input ○ Written out to flat files ● All data is formatted as one object per line flat JSON ○ Easily can import into SIEM of choice for analysis

17. Future Enhancements ● Simplified Deployment - 4 Aug ● Sweep Tracking - ~2 months ● Additional Scanning Scripts - Ongoing ○ Add wider Linux/Unix support ○ Additional Windows scripts ● Additional Protocol Support - Ongoing ● Additional Enrichments - Ongoing ○ IP Reputation ● Web GUI - TBD

Automated, Collection, and Enrichment (ACE)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Automated, Collection, and Enrichment (ACE)

Similar to Automated, Collection, and Enrichment (ACE) (20)

More from Jared Atkinson

More from Jared Atkinson (7)

Recently uploaded

Recently uploaded (20)

Automated, Collection, and Enrichment (ACE)