What's the hype with the dark web? Why are security researchers focusing more on the dark web? How to perform threat hunting on the dark web? Can it be automated? If you are curious about the answers to these questions, then this talk is for you. Dark web hosts several sites where criminals buy, sell, and trade goods and services like drugs, weapons, exploits, etc. Hunting on the dark web can help identify, profile, and mitigate any organization risks if done timely and appropriately. This is why threat intelligence obtained from the dark web can be crucial for any organization. In this presentation, you will learn why threat hunting on the dark web is necessary, different methodologies to perform hunting, the process after hunting, and how hunted data is analyzed. The main focus of this talk will be automating the threat hunting on the dark web. You will also get to know what operational security (OpSec) is and why it is essential while performing hunting on the dark web and how you can employ it in your daily life.
EC-Council, a globally recognized cybersecurity credentialing body, offers the Certified Ethical Hacker (CEH) and Certified Penetration Testing Professional (CPENT) certifications to help you acquire the skills you need to be a part of Red and Blue Teams. CEH is the most desired cybersecurity training program, upping your ethical hacking skills to the next level. CPENT takes off from where CEH leaves off, giving you a real-world, hands-on penetration testing experience.
Purple Teaming is the idea of using a Red Team exercise with clear training objectives for the Blue Team.
Great exercises should not just be focused on testing a product, they should also test your active Blue Team members and their skills. But how does one start to think about a Purple Team exercise, how does one go about running one and what does it look like?
In this talk we will explain the what, why and how of planning an effective purple team exercise and give some examples. Most enterprise networks are Windows-heavy, so the examples will lean heavily on Windows.
Testing assumptions, gaps and blind spots is what being proactive is all about. This talk is for both the console folks and the non-console folks.
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™ (Katie Nickels)
Katie Nickels and Adam Pennington presented "Turning intelligence into action with MITRE ATT&CK™" at the FIRST CTI Symposium in London on 20 March 2019.
In our webinar “What is Threat Hunting and why do you need it?” we discussed the following key points:
1. What Threat hunting is.
2. Why it is becoming so popular and what kinds of attacks are making it necessary.
3. What the challenges are.
4. Threat Hunting and Investigation services for attacks.
5. Case studies.
Find out more on https://www.pandasecurity.com/business/adaptive-defense/?utm_source=slideshare&utm_medium=social&utm_content=SM_EN_WEB_adaptive_defense&track=180715
Effective Threat Hunting with Tactical Threat Intelligence (Dhruv Majumdar)
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ... (Jorge Orchilles)
Join Jorge Orchilles and Phil Wainwright as they cover how to show value during Red and Purple Team exercises with a free platform, VECTR. VECTR is included in SANS Slingshot C2 Matrix Edition so you can follow along the presentation and live demos.
VECTR is a free platform for planning and tracking your red and purple team exercises and aligning them to blue team detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activity across the kill chain or ATT&CK tactics, from initial access to privilege escalation and lateral movement and so on, or can be narrow in scope to focus on specific defensive controls, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve detection, prevention & response capabilities across cloud and on-premise environments.
Common use cases for VECTR are measuring your defenses over time against the MITRE ATT&CK framework, creating custom red team scenarios and adversary emulation plans, and assisting with toolset evaluations. VECTR is meant to be used over time with targeted campaigns, iteration, and measurable enhancements to both red team skills and blue team detection capabilities. Ultimately the goal of VECTR is to help organizations level up and promote a platform that encourages community sharing of CTI that is useful for red teamers, blue teamers, threat intel teams, security engineering and any number of other cyber roles, and helps management show increasing maturity in their programs and justify what's working, what's not, and where additional investment might be needed in tools and team members to bring it all together.
Purple Team Exercise Framework Workshop #PTEF (Jorge Orchilles)
Purple Team exercises are an efficient and effective method of adversary emulation leading to the training and improvement of people, process, and technology. Red Teams and Blue Teams work together in a live production environment, emulating a selected adversary that has the capability, intent, and opportunity to attack the target organization provided by Cyber Threat Intelligence. Purple Team exercises are ‘hands on keyboard’ exercises where Red and Blue teams work together with an open discussion about each attack procedure and how to detect and alert against it.
Purple Team Exercise Framework #PTEF: https://www.scythe.io/ptef
Ethical Hacking Maturity Model: https://www.scythe.io/library/scythes-ethical-hacking-maturity-model
Definitions: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988
#ThreatThursday: https://www.scythe.io/threatthursday
#C2Matrix: https://thec2matrix.com/
Atomic Purple Team: https://github.com/DefensiveOrigins/AtomicPurpleTeam
SCYTHE Playbooks: https://github.com/scythe-io/community-threats
#ThreatHunting Playbooks: https://threathunterplaybook.com/introduction.html
VECTR: https://vectr.io/
Unicon: https://www.scythe.io/unicon2020
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
Ethical Hacking n VAPT presentation by Suvrat Jain
A perfect example of a 6-week summer training ppt. Course: Ethical Hacking, its info and VAPT (Vulnerability Assessment and Penetration Testing): how vulnerability scanning works, tools used, password cracking, etc.
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
Even if you have all the data and feeds, data alone isn’t intelligence.
#Threat #Intelligence #Forensics #ELK #Forensics #VAPT #SOC #SIEM #Incident #D3pak
Introduction to Ethical Hacking, life cycle of hacking, introduction to penetration testing, steps in penetration testing, footprinting module, scanning module, live demos on finding vulnerabilities: a) bypass authentication, b) SQL injection, c) cross-site scripting, d) file upload vulnerability (web server hacking); countermeasures for securing web applications.
Sharpening your Threat-Hunting Program with ATTACK Framework (MITRE - ATT&CKcon)
From MITRE ATT&CKcon Power Hour December 2020
By Hieu Tran, Threat Detection Team Lead FPT Cybersecurity Division
No matter how sophisticated and thorough your security precautions may be, you cannot assume your security measures are impenetrable. This is why you need a threat hunting program in place. But how can we implement a proper threat hunting program and run it efficiently? In this talk, we will uncover how to sharpen your threat hunting strategy by leveraging ATT&CK. Ultimately, we’ll demonstrate how to effectively employ the hunting methodology on the real-world battlefield, fighting against well-known cyber espionage actors who focus strongly on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia.
MITRE’s ATT&CK is a community-driven knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s life cycle and the platforms they are known to target. By scoping the wide breadth of the MITRE ATT&CK matrix to focus initially on the techniques used by threat actors you specifically care about, you can help the defenders create more useful and impactful detections first. Once you start emulating the appropriate threat actors, you can practice your defenses in a scenario that’s more realistic and applicable without the need for an actual intrusion. The speakers are providing a process and a case study of APT3 - a China-based threat group - for how to go from finding threat intelligence, sifting through it for actionable techniques, creating emulation plans, discovering how to emulate different techniques... to actually operating on a network. They are also providing a beginning "cheat sheet" for this actor to give a starting point for red and blue teams to accomplish these techniques in their own environment without the need to build their own tooling.
The dark web hosts several sites where criminals buy, sell, and trade goods and services, including drugs, weapons, exploits, insider information, etc. This is what makes it valuable to security researchers. Threat intelligence obtained from the dark web can be crucial for any organization. Hunting on the dark web is not an easy task, and it involves lots of time and resources. It can help identify, profile, and mitigate risks to any organization if done in a timely and appropriate manner. In this presentation, I will discuss why threat hunting on the dark web is important and how it can be done using different methodologies. I will also touch upon operational security and why it is essential while performing hunting on the dark web.
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ... (Andrew Morris)
It’s not just you. The frequency of severe vulnerabilities in internet-facing enterprise software being massively exploited at scale has increased drastically. The amount of time between disclosure and exploitation of these vulnerabilities has been reduced to near-zero, leaving defenders with less time to react and respond. While combating internet-wide opportunistic exploitation is a sprawling and complex problem, there is both an art and a science to staying ahead of large exploitation events such as Log4J.
In this talk we will share insights and challenges from operating a huge, shifting, adaptive, distributed sensor network listening to internet background noise and opportunistic exploitation traffic over the past four years. We will give a blunt state of the universe on mass exploitation. We will share patterns and unexplainable phenomena we’ve experienced across billions of internet scans. And we will make recommendations to defenders for preparing for the next time the cyber hits the fan.
All content not indexed by traditional web-based search engines is known as the DeepWeb. Although wrongly associated only with Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, highly resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers).
We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon as they appear.
In this talk, we provide concrete examples of how DeWA can be used to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
Learning Objective: Explore methods for obtaining a career in cybersecurity
Security threats are increasingly complex, coming from both in and outside organizations, making everyone vulnerable. Consequently, cybersecurity has become one of the most dynamic fields in information technology (IT). It combines IT with crime-fighting, and global organizations are leading the search for skilled professionals. Since women represent less than 25 percent of the global cybersecurity workforce, recruiting more people of color is essential. This environment requires diverse professionals who can bring expertise and skills to these challenging times. Join our expert panel as they discuss how to get certified, gain experience, and land your first job in this in-demand industry.
At the end of this session, participants will be able to:
a. Present your non-traditional resume in a way that is attractive to the recruiter.
b. Examine tools and resources to enhance your journey to mastering cybersecurity.
c. Explore tips on gaining experience before applying to jobs.
Web application security and why you should review yours: a whole-stack skydive without a parachute. Let's try not to die as we explore what an attack surface is, acronym hell, vulnerability naming, detection or prevention (is there a place for both, or for neither?), emerging OSS technologies which can help you, a firehose review of compromises 2014 through 2018, and finally a live compromise demo covering everything we've discussed as being 'bad' ... or, as often happens, the backup video.
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016 (Danny Akacki)
We can all agree that threat detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for ways for evil to do evil things. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune ranked organizations. We hope to challenge you to expand your security operations, moving beyond traditional signature based detection.
Computer security pertains to the implementation of safeguards and regulations aimed at guaranteeing the secrecy, reliability, and accessibility of information that is processed and resides within a computer system. This encompasses a broad spectrum of efforts, ranging from shielding tangible information resources to upholding the security of data and adhering to prudent computer safety protocols. It also introduces security on computer devices, whose aim is to secure the assets on those computers, starting from malware and suspicious anomalies.
Cybersecurity: Do You Have a Plan to Address Threats and Prevent Liability? (Codero)
Codero is an Infrastructure-as-a-Service provider that offers dedicated, cloud, managed and hybrid hosting services to over 3,400 domestic and international customers from three data center locations. We are at an interesting vantage point where we see all sorts of interesting things – this presentation will focus as a ‘report from the field’ related to cybersecurity from our position.
Explore the enigmatic Dark Web in 'Dark Web – What it is & How Does it Work' by Onsite Helper. Uncover its secrets and understand its mechanics in this illuminating guide.
Visit - https://onsitehelper.com/dark-web-what-it-is-how-does-it-work/
HITB2013AMS Defending the enterprise, a Russian way! (F _)
This presentation was delivered at HITB 2013 Amsterdam as a lab session on enterprise defensive techniques and covers a range of aspects, from picking out drive-by download attacks to targeted mails.
Similar to Automating Threat Hunting on the Dark Web and other nitty-gritty things (20)
All about Cyber Security - From the perspective of a MS student (Apurv Singh Gautam)
This seminar was delivered for Cyber Security certification students of Symbiosis Institute of Technology. It covers why cybersecurity is important, how to make your profile stronger for an MS, how to stand out from the crowd by doing projects, etc.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
2. $whoami
◎ Apurv Singh Gautam (@ASG_Sc0rpi0n)
◎ Security Researcher, Threat Intel/Hunting
◎ Cybersecurity @ Georgia Tech
◎ Prior: Research Intern at ICSI, UC Berkeley
◎ Hobbies
◎ Contributing to the security community
◎ Gaming/Streaming (Rainbow 6 Siege), Hiking, Lockpicking, etc.
◎ Social
◎ Twitter - @ASG_Sc0rpi0n
◎ Website – https://apurvsinghgautam.me
3. Agenda
◎ Introduction to the Dark Web
◎ Why hunting on the Dark Web?
◎ Methods to hunt on the Dark Web
◎ Can the Dark Web hunting be automated?
◎ Process after hunting?
◎ OpSec? What’s that?
◎ Conclusion
5. Clear Web? Deep Web? Dark Web?
Image Source: UC San Diego Library
6. Accessing the Dark Web
◎ Tor /I2P/ZeroNet
◎ .onion domains/.i2p domains
◎ Traffic through relays
Image Sources: Hotspot Shield, Tor Project, I2P Project, ZeroNet
7. What’s all the Hype?
◎ Hype
○ Vast and mysterious part of the Internet
○ Place for cybercriminals only
○ Illegal to access the Dark Web
◎ Reality
○ Few reachable onion domains
○ Uptime isn’t ideal
○ Useful for free expression in few countries
○ Popular sites like Facebook, NYTimes, etc.
○ Legal to access the Dark Web
8. Relevant sites?
◎ General Markets
◎ PII & PHI
◎ Credit Cards
◎ Digital identities
◎ Information Trading
◎ Remote Access
◎ Personal Documents
◎ Electronic Wallets
◎ Insider Threats
Image Source: Intsights
9. Cost of products?
◎ SSN - $1
◎ Fake FB with 15 friends - $1
◎ DDoS Service - $7/hr
◎ Rent a Hacker - $12/hr
◎ Credit Card - $20+
◎ Mobile Malware - $150
◎ Bank Details - $1000+
◎ Exploits or 0-days - $150,000+
◎ Critical databases - $300,000+
14. What is Threat Hunting?
◎ Practice of proactively searching for cyber threats
◎ Hypothesis-based approach
◎ Uses advanced analytics and machine learning to drive investigations
◎ Proactive and iterative search
15. Why So Serious (Eh! Important)?
◎ Hacker forums, darknet markets, dump shops, etc.
◎ Criminals can learn, monetize, trade, and communicate
◎ Identification of compromised assets
◎ Can potentially identify attacks in earlier stages
◎ Direct impacts – PII (Personal Info), financial, EHRs (healthcare records), trade secrets
◎ Indirect impacts – reputation, revenue loss, legal penalties
16. Benefits of Threat Hunting
◎ Keep up with the latest trends of attacks
◎ Prepare SOCs/Incident Responders
◎ Get knowledge of the TTPs (Tactics, Techniques, Procedures) likely to be used against you
◎ Reduce damage and risks to the organization
20. HUMINT
◎ Human Intelligence
◎ Most dangerous and difficult form
◎ Most valuable source
◎ Infiltrating forums, markets, etc.
◎ Become one of them
◎ How threat actors think
◎ Can be very risky
◎ Time consuming
Image Source: Intsights
26. Threat Modelling
◎ “works to identify, communicate, and understand threats and mitigations within the context of protecting something of value” – OWASP
◎ Define critical assets
◎ Understand what attackers want
◎ Threat actor capability and intent
◎ Sources to target
Image Source: David Bianco
27. Data Collection/Processing
◎ Collecting data from clear web
○ Pastebin
○ Twitter
○ Reddit
◎ Collecting data from dark web
○ Forums
○ Markets
Image Source: Blueliv
30. What is OpSec?
◎ Actions taken to ensure that information leakage doesn’t compromise you or your operations
◎ Derived from US military – Operational Security
◎ PII – Personally Identifiable Information
◎ Not just a process – a mindset
◎ OpSec is Hard
31. Maintaining OpSec in your lifestyle
◎ Hide your real identity
◎ Use VM/Lab or an isolated system
◎ Use Tor or Tor over VPN always
◎ Change time zones
◎ Never talk about your work
◎ Maintain different personas
◎ Take extensive notes
◎ Use password manager
33. What have we discussed so far?
◎ Little about the Dark Web
◎ Dark Web forums/marketplaces
◎ Dark Web threat hunting
◎ Scrapy
◎ HUMINT
◎ Automating the Dark Web hunting
◎ Little about threat intelligence lifecycle
◎ A little about OpSec
34. I don’t know how to conclude but..
◎ Dark Web threat hunting is hard but worth the effort
◎ Keep OpSec in mind
◎ Look at more than one resource
◎ Takes a lot of resources and team effort
◎ Usage of MITRE ATT&CK framework
35. Resources
◎ Blogs & White papers by Recorded Future
◎ White papers by IntSights
◎ Blogs by Palo Alto’s Unit 42
◎ Blogs by CrowdStrike
◎ Blogs by CloudSEK
◎ White papers by Digital Shadows
◎ Darkweb Cyber Threat Intelligence Mining by Cambridge University Press
Clear web: Sites that are indexed by search engines
Deep web: Sites that are not indexed by search engines
Dark web: Sites that require special software, configuration or authorization to access
The Onion Router/Invisible Internet Project
16-character (v2, deprecated) or 56-character (v3) base32 identifier strings followed by .onion
Anonymization
Decentralized system
3-hop circuit – a 3-layer proxy
Publicly listed entry (guard) node, middle relay and exit node; the entry node doesn’t know the exit node, and the exit node doesn’t know the client
Original data encrypted in layers – the onion analogy; each relay peels one layer, so the exit relay sees whatever the client sends to a clear-web destination (use TLS). Onion services are reached without an exit node at all
Client IP address is hidden from the destination
Routes traffic through a series of interconnected volunteer systems called relays (about 6000 relays for Tor)
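The notes above give the shape of an onion name (16 or 56 base32 characters) but not what the 56 characters of a v3 name actually encode. The following is an added example, not part of the talk: a v3 name is base32(PUBKEY || CHECKSUM || VERSION), where PUBKEY is the 32-byte ed25519 service key, VERSION is 0x03 and CHECKSUM is the first two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION). That checksum lets you reject mistyped or made-up onion links before a crawler wastes a Tor circuit on them. The 32-byte key used in the check is a constructed stand-in, not a real service key.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Tor onion-service address formats: v2 = 16 base32 chars (deprecated), v3 = 56 base32 chars.
ONION_V2_RE = re.compile(r"^[a-z2-7]{16}\.onion$")
ONION_V3_RE = re.compile(r"^[a-z2-7]{56}\.onion$")
V3_VERSION = b"\x03"


def _v3_checksum(pubkey: bytes) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2], as in Tor's rend-spec-v3."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]


def onion_v3_from_pubkey(pubkey: bytes) -> str:
    """Build the v3 name: base32(PUBKEY || CHECKSUM || VERSION); 35 bytes encode to exactly 56 chars."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + _v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def classify_onion(host: str) -> str:
    """Return 'v3' (checksum verified), 'v2' (format only, no checksum exists), or 'invalid'."""
    host = host.strip().lower()
    if ONION_V2_RE.match(host):
        return "v2"
    if not ONION_V3_RE.match(host):
        return "invalid"
    raw = base64.b32decode(host[:56].upper())          # 56 chars -> exactly 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION or checksum != _v3_checksum(pubkey):
        return "invalid"                                # typo, truncation or a made-up name
    return "v3"


def filter_onion_links(urls):
    """Keep only links whose host is a well-formed onion name; feed the result to the crawler."""
    kept = []
    for url in urls:
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
        if classify_onion(host) != "invalid":
            kept.append(url)
    return kept
```

Because the version byte is always 0x03, every v3 name ends in the letter d; that alone catches many copy-paste truncations, and the checksum catches the rest. A name that passes is only well-formed, not necessarily live or trustworthy.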
Dark web is not equal to criminality
Smaller than the clear web, especially when compared from an availability (uptime) perspective
Tor Browser circumvents surveillance – free expression in some countries
Whistleblowing or activism, safe haven for journalists, access to literature & research
The dark web is many things, but not just a vast network of criminals
Home to many other people who don’t want surveillance on them due to the nature of their work
Legal to access the dark web, but illegal to participate in any illicit business
Choose your target
Threat modelling
Recent news:
500,000 Zoom accounts sold on the dark web
267 million FB user profiles for $540
And many others
Logs, IOCs, textual data, etc.
Nothing concrete about this process
You take one use case and work on that, then another, and it goes on and on
Choose your target sources – useful for your organization
Threat Modelling
Learn – criminals learn new methods and techniques
Monetize – monetize their skills
Trade – trade their exploits/tools, drugs, weapons
Communicate – communicate with other criminals
Can learn a lot by engaging with these communities
The intelligence from the dark web isn’t available anywhere else
Identify attackers, prioritize vulnerabilities
Takes a lot of time, but if done properly it can even identify attacks in the planning and recon stages
Brand protection
New TTPs
Identifying insider threats
Discover data breaches
Scrapy – web-crawling framework – asynchronous (Twisted-based), many concurrent requests
OnionScan – open source tool for investigating the dark web, scanning onion sites for misconfigurations and leaks, correlations between sites, etc.
SOCKS – Socket Secure – a SOCKS proxy relays TCP connections as-is and does not interpret the application data it forwards
HTTP proxy vs SOCKS proxy – SOCKS is the lower-level proxy (any TCP protocol); an HTTP proxy understands only HTTP
Different ways of using a SOCKS proxy – tsocks, polipo, Privoxy, etc.
Privoxy – web (HTTP) proxy – Scrapy cannot talk to a SOCKS proxy directly, so route it through Privoxy, which forwards to Tor’s SOCKS port (127.0.0.1:9050 by default, via a forward-socks5t rule). Privoxy adds a filtering layer but does not hide your use of Tor from your ISP
Use VPN + Tor (SOCKS) for extra protection – hides your Tor usage from the ISP and your real IP from the entry node; you can’t trust entry and exit nodes
Scrapy Splash library (scrapy-splash) – for JavaScript-rendered pages
Torch
Onion Wiki
Search engines like Kilos, Recon
1. The Engine gets the initial Requests to crawl from the Spider.
2. The Engine schedules the Requests in the Scheduler and asks for the next Requests to crawl.
3. The Scheduler returns the next Requests to the Engine.
4. The Engine sends the Requests to the Downloader, passing through the Downloader Middlewares
5. Once the page finishes downloading the Downloader generates a Response (with that page) and sends it to the Engine, passing through the Downloader Middlewares
6. The Engine receives the Response from the Downloader and sends it to the Spider for processing, passing through the Spider Middleware
7. The Spider processes the Response and returns scraped items and new Requests (to follow) to the Engine, passing through the Spider Middleware
8. The Engine sends processed items to Item Pipelines, then sends processed Requests to the Scheduler and asks for possible next Requests to crawl.
9. The process repeats (from step 1) until there are no more requests from the Scheduler.
Middlewares – ProxyMiddleware (relaying through Privoxy and Tor), LoginMiddleware (setting user_agent and cookies, bypassing captchas, checking that the login is still valid); captcha-solving services – DeathByCaptcha, Anti-Captcha, etc.
Process of gathering intelligence through interpersonal contact and engagement, rather than by technical processes
As attacks are human-driven, anticipating, identifying and responding to them requires human skill and effort
In The Art of War, Chinese military strategist Sun Tzu wrote: “To know your Enemy, you must become your Enemy.”
Understanding the motives and tendencies behind your adversaries is a key to any type of warfare, including cyber warfare
It’s the high-tech equivalent of what an undercover FBI agent does when he or she spends months or years working to infiltrate a criminal organization.
Using HUMINT to bolster Threat Hunting – Post Attack Investigation, New Attack Vector Discovery, etc
Dark web links – collect forum/DNM (darknet market) links
SOCKS proxies – run a SOCKS proxy script to collect several SOCKS proxies to route Tor through them
Different crawlers for different forums
Scrapy setup – set up login for each forum, set up several settings including headers, cookies, ignored links, captcha bypass, etc.
Talk about captcha bypass (captcha-solving services like DeathByCaptcha, Anti-Captcha, etc.)
Crawler – crawls the HTML pages of the forums
Parser – parses the HTML pages (taking only the relevant text from the HTML) – post_id, post_content, post_author, author_status, reputation, item_price, etc.
Analyzer – uses NLP techniques to evaluate the content that is relevant to the threat model and stores it in the ES (Elasticsearch) database
Design/train NLP model – design and train an NLP model on the content that is relevant to your threat model and apply it to new data
Chicken-and-egg problem (data gathering vs. training on data)
Many unsupervised learning models – LDA, seeded LDA, etc.
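The nine-step Scrapy data flow above and the crawler/parser/analyzer pipeline in these notes are easier to see as one loop. The block below is an added example written for this page, not the speaker’s crawler and not Scrapy itself: it re-implements the engine/scheduler/downloader-middleware/spider/item-pipeline flow in plain Python so it runs offline, with a ProxyMiddleware that tags every request with the Privoxy port (127.0.0.1:8118 is Privoxy’s default and is assumed here) and a downloader that refuses any request that did not pass through it. The forum pages, post IDs, authors and the exampleforum.onion host are all constructed sample data; the parser extracts the post_id, post_author, reputation and post_content fields the notes mention.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample pages standing in for a live forum (not a real site).
PAGES = {
    "http://exampleforum.onion/index": '<a href="/thread/1">RDP</a><a href="/thread/2">Dumps</a><a href="/index">Home</a>',
    "http://exampleforum.onion/thread/1": (
        '<div class="post" data-id="101"><span class="author">darkseller</span><span class="rep">87</span>'
        '<p class="content">Selling RDP access to a US retailer network, price 500</p></div>'
        '<div class="post" data-id="102"><span class="author">buyer22</span><span class="rep">3</span>'
        '<p class="content">PM sent</p></div>'),
    "http://exampleforum.onion/thread/2": (
        '<div class="post" data-id="201"><span class="author">dumpking</span><span class="rep">150</span>'
        '<p class="content">Fresh CC dumps, 20 each</p></div>'),
}
FIELD_FOR_CLASS = {"author": "post_author", "rep": "reputation", "content": "post_content"}


class Request:
    def __init__(self, url):
        self.url, self.meta = url, {}


class ForumParser(HTMLParser):
    """Parser stage: pull links and post fields (post_id, post_author, reputation, post_content)."""
    def __init__(self):
        super().__init__()
        self.links, self.posts, self._post, self._field = [], [], None, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "div" and a.get("class") == "post":
            self._post = {"post_id": a.get("data-id"), "post_author": "", "reputation": "", "post_content": ""}
        elif self._post is not None and a.get("class") in FIELD_FOR_CLASS:
            self._field = FIELD_FOR_CLASS[a["class"]]

    def handle_endtag(self, tag):
        if tag == "div" and self._post is not None:
            self.posts.append(self._post)
            self._post = None

    def handle_data(self, data):
        if self._post is not None and self._field:
            self._post[self._field] += data.strip()


class ProxyMiddleware:
    """Downloader middleware (step 4): tag every request with the local Privoxy -> Tor proxy."""
    proxy = "http://127.0.0.1:8118"  # Privoxy default listen port (assumed; adjust to your setup)

    def process_request(self, request):
        request.meta["proxy"] = self.proxy
        return request


class OfflineDownloader:
    """Stands in for the real downloader (step 5): serves PAGES instead of fetching over Tor."""
    def fetch(self, request):
        if "proxy" not in request.meta:  # OpSec guard: never fetch outside the proxy chain
            raise RuntimeError("refusing to fetch %s without a proxy" % request.url)
        return request.url, PAGES[request.url]


class ForumSpider:
    """Spider (steps 1 and 7): yields scraped items and new Requests to follow."""
    start_urls = ["http://exampleforum.onion/index"]

    def parse(self, url, body):
        parser = ForumParser()
        parser.feed(body)
        for post in parser.posts:
            yield {"source": url, **post}
        for href in parser.links:
            yield Request(urljoin(url, href))


class RelevancePipeline:
    """Item pipeline (step 8): keep posts matching threat-model keywords, normalise reputation."""
    def __init__(self, keywords):
        self.keywords, self.items = [k.lower() for k in keywords], []

    def process_item(self, item):
        if any(k in item["post_content"].lower() for k in self.keywords):
            item["reputation"] = int(item["reputation"] or 0)
            self.items.append(item)


def crawl(spider, downloader, middlewares, pipeline):
    """Engine loop: scheduler -> downloader middlewares -> downloader -> spider -> pipeline/scheduler."""
    scheduler = deque(Request(u) for u in spider.start_urls)  # steps 1-2
    seen = set()                                              # dupefilter
    while scheduler:                                          # step 9: loop until the queue is empty
        request = scheduler.popleft()                         # step 3
        if request.url in seen:
            continue
        seen.add(request.url)
        for mw in middlewares:
            request = mw.process_request(request)             # step 4
        url, body = downloader.fetch(request)                 # step 5
        for out in spider.parse(url, body):                   # steps 6-7
            if isinstance(out, Request):
                scheduler.append(out)                         # step 8: requests back to the scheduler
            else:
                pipeline.process_item(out)                    # step 8: items to the pipeline
    return pipeline.items


def run_demo():
    return crawl(ForumSpider(), OfflineDownloader(), [ProxyMiddleware()], RelevancePipeline(["rdp", "dumps"]))
```

In real Scrapy the same shape holds: the proxy goes into request.meta["proxy"] from a downloader middleware, one spider class per forum owns the parsing, and the pipeline is where relevance filtering and the write to Elasticsearch live. The refusal in the downloader is the check worth keeping: a single request that leaves the machine outside the Tor chain ties your real IP to the persona.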
Direction - identify dark web forums, acquire access
Collection - establish anonymous access, collect raw data
Processing - parsing raw HTML data, machine translation, extract topics and authors
Analysis - infer relationships, link data sources, identify trends, hacks and leaks
Dissemination - visualization in dashboards, alerts and reports
Critical assets – databases holding customer data, payment processing systems, employee access systems, trading platforms or exchanges, or Enterprise Resource Planning (ERP) applications
Threat actor capability & intent – define the types of actors (hacktivists, insiders, criminal groups, etc.) and know their capability
Consider why an attacker would want to target your organization. What do they hope to gain? What are their goals?
Choose your target on the dark web – which site do you want to go for: credit card markets, insider threat markets, general markets, etc.
Prioritize risks – use the Pyramid of Pain (David Bianco) for that: IOCs at the bottom (hashes, IP addresses, domains) are trivial for the adversary to change, while tools and TTPs at the top are costly to change, so intelligence about TTPs is worth the most
Choose on the clear web – sites like Pastebin, Twitter, etc.
Crawler and Parser
NLP techniques – LDA, BERT, GPT, GPT-2, GPT-3
Social network analysis – analysis of the users
Classification – binary or multi-class classification
Clustering – clustering of products according to categories
Services provided by different companies, or code your system from the ground up
MITRE ATT&CK - knowledge base of adversary tactics and techniques (TTPs) based on real-world observations.
Use the ATT&CK matrix to map the intelligence you obtained, to better understand the TTPs
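The two notes that tell you to prioritize with the Pyramid of Pain and to map what you collect onto ATT&CK are, in practice, one post-processing step over the parsed posts. The block below is an added example, not tooling from the talk: it pulls hashes, IPs, domains and tool names out of post text, tags each with its pyramid level, tags phrase matches with an ATT&CK technique, merges across posts and sorts so the most adversary-costly findings come first. The ATT&CK IDs and names are real entries from the matrix, but which phrase triggers which technique is this example’s own assumption, not a published mapping, and the three posts are constructed (203.0.113.0/24 is a documentation range; the hash is SHA-256 of the empty string).

```python
import re

# Pyramid of Pain (David Bianco): the higher the level, the more it costs the adversary to change.
PAIN_LEVEL = {"hash": 1, "ip": 2, "domain": 3, "artifact": 4, "tool": 5, "ttp": 6}

# Indicator types that can be pulled out of free text with a regex. Host/network artifacts
# (user agents, paths, registry keys) need site-specific rules and are left out here.
INDICATOR_PATTERNS = [
    ("hash", re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)),
    ("ip", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|onion)\b", re.I)),
    ("tool", re.compile(r"\b(?:cobalt ?strike|mimikatz|metasploit|emotet)\b", re.I)),
]

# Phrase -> ATT&CK technique. IDs and names are real ATT&CK entries; the phrase-to-technique
# choice is this example's assumption and should be tuned to the forums you actually watch.
TTP_RULES = [
    (re.compile(r"\brdp\b.*\baccess\b|\baccess\b.*\brdp\b", re.I), "T1021.001 Remote Desktop Protocol"),
    (re.compile(r"\bddos\b|\bbooter\b|\bstresser\b", re.I), "T1498 Network Denial of Service"),
    (re.compile(r"\bphish(?:ing)?\b", re.I), "T1566 Phishing"),
    (re.compile(r"\b(?:vpn|citrix)\b.*\b(?:creds|credentials|logins?)\b", re.I), "T1133 External Remote Services"),
    (re.compile(r"\b0-?day\b|\bexploit\b", re.I), "T1190 Exploit Public-Facing Application"),
    (re.compile(r"\bransomware\b", re.I), "T1486 Data Encrypted for Impact"),
]


def extract_indicators(text):
    """Return every indicator found in one post, each tagged with its Pyramid of Pain level."""
    found = []
    for kind, pattern in INDICATOR_PATTERNS:
        for match in pattern.finditer(text):
            found.append({"type": kind, "value": match.group(0).lower(), "pain": PAIN_LEVEL[kind]})
    for pattern, technique in TTP_RULES:
        if pattern.search(text):
            found.append({"type": "ttp", "value": technique, "pain": PAIN_LEVEL["ttp"]})
    return found


def prioritize(posts):
    """Merge indicators across posts (recording which posts mention each) and sort most-painful-first."""
    merged = {}
    for post in posts:
        for ind in extract_indicators(post["post_content"]):
            entry = merged.setdefault((ind["type"], ind["value"]), {**ind, "posts": []})
            entry["posts"].append(post["post_id"])
    return sorted(merged.values(), key=lambda e: (-e["pain"], e["type"], e["value"]))


# Constructed posts for the demo (not scraped from anywhere).
SAMPLE_POSTS = [
    {"post_id": 101, "post_content": "Selling RDP access to a US retailer network, price 500"},
    {"post_id": 102, "post_content": "DDoS service 7/hr, C2 at 203.0.113.7, panel at panel.example.net"},
    {"post_id": 103, "post_content": "new ddos bot build, sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]
```

Run prioritize(SAMPLE_POSTS) and the two technique-level findings come out first, the hash last: the hash is worth a blocklist entry and nothing more, while the RDP-access offer is what the detection team should be hunting for in its own VPN and RDP logs.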
the practice of hiding yourself online by disassociating your online persona with your real self
We are all humans
We desire to be seen knowledgeable and to impress others
Leads to gossip, brag, and overshare
PII – personal information that can identify you – full name, SSN, driver’s license, bank account, email, passport number, etc.
You have to do OpSec from the beginning, proactively, because you can’t do OpSec retroactively
Never store any personal information on the VM or the system you are accessing dark web from
Clean/Wipe all the data before leaving the system and start fresh the other day
Watch what you say to whom and where
Think before you post
Have different personas on different sites and don’t mix them; have a back story for each persona
Take notes so you don’t mess up the personas
It’s a 24x7 thing, not something limited to your working hours
You can’t work 9-5, as that would be a tip-off that you are not a threat actor
Develop appropriate language skills and slang skills
You don’t get the intelligence from anywhere else
Look at more forums