This resume summarizes Behzad Behnia's personal and professional experience. He has over 8 years of experience as a drilling fluids engineer in Iran and the UAE, currently working as a lead engineer at MI-Services since 2007. He has a BSc and MSc in chemistry from Gachsaran University in Iran. He has extensive experience with various mud systems and wells on land and offshore rigs under challenging conditions.
Knowledge and identification of Malware binaries is a crucial part of detection and incident response. There was a time when using MD5s was sufficient to ID binaries. The reverse engineering analysis conducted once would be useful anytime that same MD5 hash was seen again. This has rapidly changed in recent years. Polymorphic samples of the same specimen change the file hash (MD5, SHAx etc) without much effort by the attacker. Also, cyber criminals and advanced adversaries reuse their codebase to create newer versions of their malware, but changes in the file hash disallow any opportunity to connect and leverage previous analyses of similar samples by defenders. This gives them an asymmetric advantage.
In recent years, there has been research into “similarity metrics”: methods that can identify whether, or to what degree, two malware binaries are similar to each other. Imphash, ssdeep and sdhash are examples of such techniques. In this talk, Bhavna will review which of these techniques is more suitable for evaluating similarities in code for APT-related samples. This presentation will take a data analytics approach. We will look at binary samples from APT events from Jan-Mar 2015 and create clusters of similar binaries based on each of the three similarity metrics under consideration. We will then evaluate the accuracy of the clusters and examine their implications on the effectiveness of each technique in identifying provenance of an APT-related binary. This can aid incident responders in connecting otherwise disparate infections in their environment to a single threat group and apply past analyses of the abilities and motivations of that adversary to conduct more effective response.
Over the years, cooling tower treatment has involved heavy use of chemicals. Unfortunately, these chemicals are not only costly but also add minerals to the water. This reduces Cycles of Concentration [COC] and, as a result, leads to high blowdown and more make-up water demand. Using ozone, operating cost is drastically reduced and blowdown water quantity is also reduced.
BSA2016 - Honeypots for Network Security Monitoring (chrissanders88)
At the BSides Augusta 2016 conference, I presented the economic challenges of defensive security and how honeypots can be used for cost effective network security monitoring.
Resume
Behzad Behnia
Personal Data:
Address : No, 67, 3rd west Alley, Besat blvd., Central Janat Abad, Hemat Highway, Tehran, Iran
Mobile : +98-939-211-8610, +98-916-806-4911
E-mail : behzad_behnia2000@yahoo.com
Date of Birth : 13, October, 1979
Marital Status : Married
Current Position : Lead Drilling Fluids Engineer
Company : MI-Services
Start- End Date of job : July, 2007- present day
Education:
B. Sc. In Applied Chemistry, Gachsaran University, Iran.
M.Sc. In Organic Chemistry, Gachsaran University, Iran.
Thesis Title: Synthesis of Ethers from direct reaction of Alcohol and carboxylic acid in solute & solid phase.
Graduation Year: 2006
Certificated Courses:
Basic Mud School (2007, Dubai, UAE)
MI Software; ONETRAX(2007, Dubai, UAE)
Advanced Mud School Dubai(2013, Dubai, UAE)
HSE coordinator school(Various)
Offshore survival (Various)
H2S Awareness and SCBA Training, First aid and fire fighting(Various)
Computer and Internet Skills
Fully Operating Microsoft office package(Excel , Word, power point)
Fully Operating MI-SWACO software(ONETRAX)
Developed internet-search skills through extensive exposure and use of the web.
Language skills
English: Fluent speaking and writing.
Persian: Mother Tongue.
Arabic: A little.
Work experience (More than 8 years)
July 2007– Sep 2007 Trainee Mud engineer
October 2007– Sep 2009 Junior Mud engineer
Oct 2009 – Present day Senior Mud Engineer
I have worked in land and offshore rigs in Iran, UAE with various types of mud. Encountered various hole problems such as: tight hole, Loss Zones (with partial, severe, complete loss), Salt Water Kick zones, High pressure Gas Zones, Hole instability, Faulted areas.
Details of skills:
Prepare mud for different hole sections and pills needed while drilling operation.
Test fluid properties and apply treatments needed.
Experienced and knowledgeable on all aspects of drilling and drilling fluids.
Perform pilot tests to find out moderate properties of mud depend on drilling situation.
Understand safety rules during work at well site.
Familiar with drilling fluids, mud materials properties, mixing order, Needful treatment.
Maintain the inventory at customer well sites.
Providing real-time solution for drilling problems and providing technical support for customer projects
Prepare, test and monitor drilling fluid, according to API standards
Analyze fluid hydraulics and recommend adjustments in drilling parameters accordingly
Balance between fluid performance and proposed cost estimates
Handles logistics, material transactions and inventory on well site
Provide a daily reporting system to operator, illustrating all fluid related operation, tests and sales.
Additional information:
I have a master's degree in organic chemistry, which helps me have a suitable view of what is happening in the mud system and how it treats with different formation lithologies, and choose the best system for mud and treatment.
Field Exposure
Vertical, deviated, Horizontal exploration and development Wells
Water Base Mud, Oil Base Mud & completion fluids.
Land, Jack-up Rigs
Mud Systems
Salt Saturated Polymer Mud
KCl Polymer Mud
Glycol KCl PHPA Polymer Mud
CaCO3 Salt Polymer Mud
Spud Mud
Completion Brine
Cleaning Pills
Weighted Mud(up to 18 ppg)
Oil Base Mud(O/W Ratio: 60/40, 70/30, 80/20, 90/10)
PHG and Guar Gum Pills (for drilling top hole)
Specific Wells
Contractor/Operator | Rig Name | Country/Field | Fluid Type | Dens. (ppg) | Dep. (MD) | Inc. | Temp (F) | Rig Type
Transocean | Atlantic | UAE | FLOPRO/Completion | 10.0 | 3200 | 60 | 275 | Jack up
OMV/Great Wall | Great Wall-28 | Iran/Band Karkheh | KCl/Polymer Mud | 11 | 4500 | Vertical | 300 | Land
POGC/NIDC | SAGA II | Iran/South Pars, Phase 9 | KCl/Polymer Mud | 13 | 3500 | 60-90 | 240 | Jack up
POGC/NIDC | SAGA II | Iran/South Pars, Phase 10 | CaCO3/KCl/Polymer Mud | 16 | 3800 | 60-90 | 240 | Jack up
POGC/PetroIran | DD6 | Iran/South Pars, Phase 10 | Glycol/KCL/Polymer Mud | 10.7 | 3500 | 30-60 | 200 | Jack up
POGC/NIDC | SAGA II | Iran/South Pars, Phase 10 | CaCO3/S.Sat./Polymer Mud | 12 | 3800 | 60-90 | 240 | Jack up
NISOC/NIDC | Rigs 62, 42, 51 | Iran/Azadegan | Glycol/KCL/PHPA/Polymer Mud | 10 | 3950 | Vertical/60-90 | 240 | Land
DANA/Saipem, COSL | Rigs PN3, COSL Craft | Iran/South Pars, Phase 15, 16 | CaCO3/NaCl/Polymer Mud | 12.5 | 3900 | 60-90 | 240 | Jack up
IOOC/NIDC | Slant Rig/Modares | Iran/Aboozar | CaCO3/NaCl/Polymer Mud | 9.6 | 4200 | 60-90 | 230 | Slant
IOOC/ Hall worthy | FD9 | Iran/Foroozan, Various phases | Oil Base Mud | 9-10 | 4100 | 60-90 | 240 | Jack up
Petro Pars/ABAN | ABAN 8 | Iran/South Pars, Phase 17, 18 | Glycol/KCl/Polymer Mud | 12 | 4200 | 30-60 | 180 | Jack up
PEDEC/Naftkav | Rigs 101, 103 | Iran/Yaran Field | PHG, Salt Polymer Mud, Glycol/Kcl/Polymer Mud | 9.5-12 | 4200 | 30-60 | 170 | Land