Incident Response Tactics with Compromise Indicators - a short presentation on use of Indicators of compromise at RusCrypto 2014. The presentation covers opensource projects and standards (such as openioc) and possible practical applications.
Honeycon2014: Mining IoCs from Honeypot data feeds (F _)
The document discusses mining indicators of compromise (IOCs) from honeypot systems. It covers IOC standards like OpenIOC and STIX, analyzing data from honeypots in Russia and Taiwan to extract IOCs like malicious domains, IP addresses and file hashes. The IOCs can help identify compromise events and emerging threats that real networks may face.
This document outlines a presentation on indicators of compromise (IOCs). It discusses IOC standards like OpenIOC and STIX, and how to mine and apply IOCs through case studies and practical tasks analyzing network traffic, HTTP logs, and antivirus logs. The document provides examples of IOCs like an exploit pack trace and a Nuclearsploit pack description.
This document outlines the course for Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker. The course contains 8 modules that cover topics such as introduction to ethical hacking, footprinting and reconnaissance, scanning networks, enumeration, and system hacking. Each module provides in-depth information on key concepts, methodologies, threats, and tools related to that stage of the ethical hacking process. The goal is to teach students how to effectively hack systems for penetration testing purposes while avoiding any illegal activities.
Ceh v8 labs module 02 footprinting and reconnaissance (Asep Sopyan)
Penetration testers begin the process of footprinting by gathering information about a target network without directly interacting with systems. The ping utility can be used to determine the IP address of a target, check connectivity, and identify the maximum frame size of the network. Footprinting involves meticulously studying publicly available information to gain insights that aid in penetration testing by revealing potential vulnerabilities and pathways for attacks.
Introducing Intelligence Into Your Malware Analysis (Brian Baskin)
With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. While many analysts have a grasp on how to appropriately reverse malware, there is much room for improvement in extracting critical indicators, correlating on key details, and cataloging artifacts in a way that improves your corporate response to the next attack. This talk will go beyond the basics of malware analysis and focus on the critical indicators that analysts should focus on for attribution and better reporting.
This document discusses techniques for obfuscating URLs to hide malicious intent. It begins with an overview of URL shortening services that can be used to hide the destination of a link. Various methods for obfuscating URLs are then described, including encoding IP addresses in octal format, URL encoding, and tricks involving the URI structure. The document provides a challenge for safely deconstructing an obfuscated URL step-by-step either manually or automatically. It concludes with an explanation of how the challenge URL was obfuscated using chaining of different techniques.
Sniffing tools can capture network traffic to analyze packets and view sensitive information like usernames and passwords transmitted in cleartext. Network administrators can use these same tools legitimately to monitor network traffic and troubleshoot issues. This lab will demonstrate how to install and use the OmniPeek Network Analyzer to sniff network traffic between a host Windows Server 2012 machine and a Windows 8 virtual machine. The objectives are to familiarize students with network sniffing, packet analysis, and securing the network from attacks.
This document provides an introduction to malware analysis through a presentation. It discusses key concepts like Zeus malware, behavioral analysis through tools like NetworkMiner and Wireshark, reverse engineering malware using tools like OllyDbg, and submitting samples to VirusTotal for analysis. The presentation emphasizes setting up an analysis workstation, analyzing malware behavior on networks and systems, reverse engineering code to understand malware functionality, and using virtual environments and tools safely to explore malware without risking real systems. It provides examples of real malware like Zeus to illustrate analysis concepts and techniques.
Software Analytics: Towards Software Mining that Matters (2014) (Tao Xie)
This document discusses software analytics and summarizes several related papers and projects. It introduces Software Analytics, which aims to enable software practitioners to perform data exploration and analysis to obtain useful insights. It then summarizes papers on techniques for performance debugging by mining stack traces, scalable code clone analysis, incident management for online services, and using games to teach programming.
This document provides an overview of reversing and malware analysis training. It discusses the purpose of malware analysis, different analysis techniques including static analysis, dynamic analysis and memory analysis. It provides examples of tools used for each technique like strings, PEview, and Volatility. The document demonstrates these concepts on a Zeus bot sample, showing its network activity, process and registry behavior through monitoring tools. Memory analysis with Volatility reveals hidden processes and network connections. The training aims to understand a malware's behavior and interaction with the system.
Stuxnet was a sophisticated malware targeting industrial control systems that was attributed to nation-state sponsorship. The document discusses techniques for attributing malware through analysis of exploits, code quality, debug symbols, and automation. Attribution aims to profile adversary capabilities and differentiate between state-sponsored and criminal actors. Analysis of Stuxnet found use of older vulnerabilities, custom payloads, and insider knowledge of target systems, suggesting a high level of technical skill and resources from a nation state.
Software Analytics: Data Analytics for Software Engineering and Security (Tao Xie)
Frodo Baggins presents on software analytics for software engineering and security tasks. The presentation discusses how software and how it is built and used is changing, with data now being ubiquitous and software having continuous development and release. Software analytics aims to enable software practitioners to perform data exploration and analysis to obtain useful insights. Examples of software analytics techniques discussed include XIAO for scalable code clone analysis, and SAS for incident management of online services. The presentation then shifts to discussing software analytics techniques for mobile app security, including WHYPER for natural language processing on app descriptions to link permissions to functionality, and AppContext for machine learning to classify malware.
This document outlines the course for the Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker. The course covers topics such as introduction to ethical hacking, footprinting and reconnaissance, scanning networks, enumeration, and system hacking. It details specific methodologies, tools, attacks, and defenses for each of these areas to provide students with the skills of an ethical hacker to conduct security assessments and penetration tests. The course aims to teach students how to identify security vulnerabilities and protect systems by knowing how real-world attackers operate.
A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. ... Exploiting a buffer overflow allows an attacker to control or crash the process or to modify its internal variables.
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin (Takahiro Haruyama)
This document describes a Volatility Framework plugin called openioc_scan that allows for fast and generic malware triage using open Indicators of Compromise (IOCs). The plugin supports OpenIOC 1.1 format files and can detect unknown threats based on generic malware traits like unusual executable paths, code injection, and hiding data in NTFS extended attributes. Some limitations include false positives and an inability to detect certain behaviors on 64-bit systems. Open source tools and generic IOCs are available for download to help analysts detect threats.
This 5-day Certified Ethical Hacker training course teaches students how to scan, test, hack, and secure their own systems by learning the techniques used by hackers. The course covers topics like footprinting, scanning, enumeration, system hacking, viruses, sniffers, denial of service attacks, session hijacking, web server hacking, web application vulnerabilities, password cracking, SQL injection, and wireless and cryptography attacks. The goal is to help security professionals and network administrators enhance cybersecurity by thinking like an attacker in order to defend systems from real-world threats.
Indicators of Compromise were meant to solve the failures of signature-based detection tools. Yet today’s array of IOC standards, feeds and products haven’t impeded attackers, and most intel is shared in flat lists of hashes, IPs and strings. This session will explore why IOCs haven’t raised the bar, how to better utilize brittle IOCs and how to use intrinsic network data to craft better IOCs.
(Source: RSA USA 2016-San Francisco)
The document summarizes the results of a final exam on advanced PC security. The exam evaluated the test taker's knowledge on topics related to hacking, social engineering, wireless security, search tools, anonymity, and computer forensics. The test taker answered 37 out of 39 questions correctly, achieving a score of 97%. The summary congratulates the test taker on their good work.
This document provides an overview of a workshop on iForensics prevention. The workshop covers topics such as the hacker subculture, TCP/IP fundamentals, reconnaissance techniques, compromising networks, effective Windows and Unix countermeasures, and advanced security techniques. It also discusses statistics on internet fraud and provides a catalog of security products. The goal is to help participants identify common vulnerabilities and protect themselves from cyber threats.
This document provides an overview of an iForensics Prevention Workshop that aims to help organizations identify vulnerabilities to corporate espionage. The workshop covers topics like the hacker subculture, TCP/IP fundamentals, reconnaissance techniques, and compromising networks. It discusses common intrusion methods gleaned from historical data and outlines specific areas the workshop will address, including network mapping, fingerprinting, scanning, exploiting services, and buffer overflows. Following the workshop, a security consultant will assess specific vulnerabilities at each participating business.
The document summarizes the contents of an iForensics Prevention Workshop. The workshop covers topics related to corporate espionage and cybercrime, including the hacker subculture, TCP/IP fundamentals, reconnaissance techniques, and compromising networks. Attendees will learn about common vulnerabilities, penetration methods, and how to identify security risks. After the workshop, a security consultant will assess specific vulnerabilities at each participating business. The goal is to help businesses protect themselves from the estimated $2 billion in losses each year due to corporate espionage.
The document outlines the course modules for an Ethical Hacking and Countermeasures exam certification. It details 15 modules that cover topics such as introduction to ethical hacking, footprinting and reconnaissance, scanning networks, enumeration, system hacking, hiding files, and information security laws and standards. The modules provide overviews of hacking concepts and methodologies, describe various hacking techniques and tools, and discuss relevant countermeasures.
Become a Certified Ethical Hacker at Blitz Academy | Near Me (shyamv3005)
Discover the best ethical hacking course near you at Blitz Academy! Get certified and become an expert in ethical hacking techniques. Enroll today at our top-rated institute near you.
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G... (Black Duck by Synopsys)
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Hitcon 2014: Surviving in tough Russian Environment (F _)
This document summarizes a presentation on enterprise network security given in Taipei in 2014. The presentation covers prerequisites and past experience in enterprise defense, demonstrates tools and techniques for improving detection and incident handling, and discusses living with compromise in a challenging security environment like Russia. The document outlines the agenda and provides details on topics like identifying the attack surface, attacker tactics, incident response processes, and analyzing security incidents and systems.
Resilience Engineering: A field of study, a community, and some perspective s... (John Allspaw)
These are slides from my talk on March 28, 2018 at the LA SCALE tech Meetup, graciously hosted at TicketMaster's office. (https://www.meetup.com/scalela/events/248904126/)
The document discusses practical incident response in heterogeneous environments and overcoming limitations of traditional approaches. It proposes utilizing intelligence-driven investigation and actionable IOCs to more flexibly shape the triage process across different operating systems. Examples are provided of using software fingerprinting and debugging symbols to attribute malware and build structured knowledge bases of attackers.
This document discusses case studies of network breaches in virtualized environments. It provides an overview of the speaker's background and experience investigating cyber attacks. The document then outlines several past cases from 2011-2015, including nation state compromises and criminal organizations exfiltrating data. Tactics of advanced persistent threats and cybercriminals are converging. The presentation will explore a case study from Central Asia involving compromised government websites and the challenges of attribution.
Indicators of Compromise Magic: Living with compromise (F _)
This document outlines a presentation on indicators of compromise (IOCs). It discusses IOC standards like OpenIOC and STIX, and how to mine and apply IOCs through case studies and practical tasks analyzing network traffic, HTTP logs, and antivirus logs. The document provides examples of IOCs like an exploit pack trace and a Nuclearsploit pack indicator.
More Related Content
Similar to Incident Response Tactics with Compromise Indicators
What's wrong with modern security tools and other blurps (F _)
This document discusses the limitations of modern network security tools and techniques. It provides examples of how malware authors are able to evade detection from antivirus software, network filters, and other defenses by using techniques like domain generation algorithms, encoding payloads in images and documents, and compromising legitimate websites and infrastructure to host and distribute attacks. The document argues that security vendors struggle to keep up with the constantly evolving tactics of cybercriminals, and that non-targeted social engineering attacks remain an effective way to compromise users.
Hunting The Shadows: In Depth Analysis of Escalated APT Attacks (F _)
This document analyzes advanced persistent threat (APT) attacks targeting Taiwan, focusing on the "Lstudio" group. It describes the group's infrastructure including command and control servers, use of botnets to control thousands of compromised machines internationally, and development of custom tools. The summary highlights key points about the group's operations since 2007, use of multiple software versions and back-ends, and targeting of both government and private sector victims primarily in Taiwan but also worldwide.
This document discusses various techniques used in cyber attacks, including exploiting vulnerabilities in software like Adobe Reader and Microsoft Office, using email as an attack vector, and social engineering techniques like password-protected archives. Specific examples are given of attacks resembling advanced persistent threats (APTs), including a targeted email with an exploit-carrying document and customized payload behavior. Detection and prevention methods are also covered, such as analyzing suspicious user agents and traffic patterns.
HITB2013AMS Defenting the enterprise, a russian way!F _
Thank you for the summary. While technology can enable both helpful and harmful uses, focusing on understanding different perspectives and bringing more light than heat can help address challenges in a constructive manner.
This document discusses detecting malicious network infrastructure through analyzing DNS traffic patterns. Specific techniques discussed include analyzing DNS query patterns for domain generation algorithm (DGA) domains to identify botnets. The document outlines a system built to perform passive DNS analysis to cluster similarly behaving domains and map command and control (C&C) infrastructure through techniques like WHOIS lookups and identifying domains with shared IP addresses or autonomous system numbers. Examples are provided of analyzing DNS query data step-by-step to identify known botnets like Carberp and Palevo. Automated detection and mapping of C&C infrastructure is discussed as well as potential uses of the collected data like generating blacklists or taking over botnets.
The document outlines tools and methods used to study the Russian underground economy. It discusses how data is collected from public forums and compromised systems. Automated and manual analysis is used to understand terminology and trends. Open source tools like Nutch and SOLR are customized for processing slang and context. The document then describes various online criminal activities like malware distribution, credit card theft, money laundering through money mules and currency exchanges. Metrics on traffic generation and DDoS costs are provided. Emerging areas like mobile malware and SEO spam are also covered. The document concludes by noting how cybercrime has become a global online economy rather than isolated incidents.
This document provides a summary of a presentation on cybercrime trends in 2012. It discusses emerging attack vectors like database breaches and email campaigns. Case studies are presented on malicious campaigns targeting Russian websites like kp.ru and rzd.ru in late 2011. Evolving evasion techniques used by cybercriminals like exploiting stolen DNS accounts and domains with similar names are examined. Mobile malware scams are also covered. The document concludes by emphasizing the need for automating real-time detection to keep up with cybercriminal techniques.
The document outlines an agenda for a seminar on enhancing AML/CTF tools and techniques to address electronic payment systems increasingly used for criminal activities. The seminar will examine case studies of real "red flag" activities involving electronic payment channels and patterns, and discuss regulatory requirements and best practices for monitoring these payment vehicles and strengthening AML programs. Speakers will also provide examples of underground money transfer systems like WebMoney that are abused for fraudulent services.
The document discusses unlawful internet activities like malware, cybercrime and digital piracy. It describes different types of actors involved, from "kiddies" to organized cybercriminal groups. It analyzes advanced persistent threats and case studies of infrastructure compromises. Examples are given of traffic monetization, ad abuse like malvertisements, extortion scams, and illicit online goods and services. The presentation aims to provide insights into these criminal underground economies and how they operate.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Incident Response Tactics with Compromise Indicators
1. Basics Standards Tools Sharing IOCs IOCs composites Case Study More on Tools Questions
Incident Response tactics with Compromise Indicators
Vladimir Kropotov, Vitaly Chetvertakov, Fyodor Yarochkin
RusCrypto 2014
Affiliations: Academia Sinica, o0o.nu, chroot.org
March 25-28, 2014
Incident Response tactics with Compromise Indicators Affilations: Academia Sinica, o0o.nu, chroot.org
2. Outline
Basics
Standards
Tools
Sharing IOCs
IOCs composites
Case Study
More on Tools
Questions
3. Introduction
Indicators of Compromise
An indicator of compromise (IOC) in computer forensics is an artifact observed on a network or in an operating system that with high confidence indicates a computer intrusion.
http://en.wikipedia.org/wiki/Indicator_of_compromise
4. IOC workflow
A typical flow with Indicators of Compromise (figure; source: "Sophisticated Indicators for the Modern Threat Landscape", 2012 paper)
5. Standards: OpenIOC
OpenIOC: a Mandiant-backed (now FireEye) effort for a uniform representation of IOCs. http://www.openioc.org/
6. Standards: Mitre
Mitre CybOX: http://cybox.mitre.org/
https://github.com/CybOXProject/Tools
https://github.com/CybOXProject/openioc-to-cybox
Mitre CAPEC: http://capec.mitre.org/
Mitre STIX: http://stix.mitre.org/
Mitre TAXII: http://taxii.mitre.org/
7. Open-source tools
OpenIOC manipulation
https://github.com/STIXProject/openioc-to-stix
https://github.com/tklane/openiocscripts
Mantis Threat Intelligence Framework
https://github.com/siemens/django-mantis.git
Mantis supports STIX/CybOX/IODEF/OpenIOC etc. via importers:
https://github.com/siemens/django-mantis-openioc-importer
Search splunk data for IOC indicators:
https://github.com/technoskald/splunk-search
Our framework: http://github.com/fygrave/iocmap/
8. Online Sharing of IOCs
http://iocbucket.com/
9. Policies on Sharing
Policies on sharing IOCs:
what should be shared / what can be shared
who to share with
when to share
10. Where to look for IOCs:
Outbound Network Traffic
User Activities/Failed Logins
User profile folders
Administrative Access
Access from unusual IP addresses
Database IO: excessive READs
Size of responses of web pages
Unusual access to particular files within Web Application (backdoor)
Unusual port/protocol connections
DNS and HTTP traffic requests
Suspicious Scripts, Executables and Data Files
11. Challenges
Why do we need IOCs? Because they make it easier to systematically describe knowledge about breaches.
Identifying intrusions is hard
Unfair game:
the defender has to protect all the assets
the attacker only needs to ’pwn’ one system.
Identifying targeted, organized intrusions is even harder
Minor anomalous events are important when put together
Seeing the global picture is a must
Details matter
Attribution is hard
12. Challenges
All networks are compromised
The difference between a good security team and a bad security team is that with a bad security team you will never know that you’ve been compromised.
13. An Example
A Network compromise case study:
Attackers broke in via a web vulnerability.
Attackers gained local admin access
Attackers created a local user
Attackers started probing other machines for default user ids
Attackers launched tunneling tools – connecting back to C2
Attackers installed RATs to maintain access
14. Indicators
So what are the compromise indicators here?
Where did attackers come from? (IP)
What vulnerability was exploited? (pattern)
What web backdoor was used? (pattern, hash)
What tools were uploaded? (hashes)
What users were created locally? (username)
What usernames were probed on other machines? (username)
15. Good or Bad?
File Name : RasTls.exe
File Size : 105 kB
File Modification Date/Time : 2009:02:09 19:42:05+08:00
File Type : Win32 EXE
MIME Type : application/octet-stream
Machine Type : Intel 386 or later, and compatibles
Time Stamp : 2009:02:02 13:38:37+08:00
PE Type : PE32
Linker Version : 8.0
Code Size : 49152
Initialized Data Size : 57344
Uninitialized Data Size : 0
Entry Point : 0x3d76
OS Version : 4.0
Image Version : 0.0
Subsystem Version : 4.0
Subsystem : Windows GUI
File Version Number : 11.0.4010.7
Product Version Number : 11.0.4010.7
File OS : Windows NT 32-bit
Object File Type : Executable application
Language Code : English (U.S.)
Character Set : Windows, Latin1
Company Name : Symantec Corporation
File Description : Symantec 802.1x Supplicant
File Version : 11.0.4010.7
Internal Name : dot1xtray
16. It really depends on context
RasTls.DLL
RasTls.DLL.msc
RasTls.exe
Dynamic-Link Library Search Order: http://msdn.microsoft.com/en-us/library/ms682586(v=VS.85).aspx
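The context test this slide implies, as an added example (not the authors' code): the signed Symantec file by itself is not an indicator, but RasTls.exe found next to a RasTls.DLL (which the default DLL search order loads from the exe's own directory) outside its install location is a composite worth flagging. The inventory records and the expected install prefixes are constructed assumptions.

```python
"""Composite indicator for the RasTls.exe case: the binary alone is a
legitimate Symantec 802.1x supplicant, so the indicator is the context
it is found in, not the file. Added example, not from the presentation;
the file inventory below is constructed."""
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass
class FileRecord:
    path: str          # full Windows path as reported by the collector
    company: str       # CompanyName from the version resource ("" if none)
    signed: bool       # Authenticode signature verified by the collector


# Where the legitimate supplicant is expected to live (assumption).
EXPECTED_PREFIXES = ("c:\\program files\\symantec\\",
                     "c:\\program files (x86)\\symantec\\")

# Names the slide lists as context: the exe plus the DLL it will load
# from its own directory under the default search order.
TARGET_EXE = "rastls.exe"
SIDE_FILES = ("rastls.dll", "rastls.dll.msc")


def evaluate(inventory):
    """Return one finding per suspicious directory: a RasTls.exe that is
    outside its expected install location AND sits next to RasTls.DLL
    (or the .msc companion). Either fact alone is only a weak signal."""
    by_dir = {}
    for rec in inventory:
        parent = str(PureWindowsPath(rec.path).parent).lower()
        by_dir.setdefault(parent, []).append(rec)
    findings = []
    for directory, recs in by_dir.items():
        names = {PureWindowsPath(r.path).name.lower(): r for r in recs}
        exe = names.get(TARGET_EXE)
        if exe is None:
            continue
        companions = sorted(n for n in SIDE_FILES if n in names)
        in_place = (directory + "\\").startswith(EXPECTED_PREFIXES)
        score, reasons = 0, []
        if companions:
            score += 2
            reasons.append("side-loadable companion(s): " + ", ".join(companions))
        if not in_place:
            score += 1
            reasons.append("outside expected install path")
        if exe.company == "Symantec Corporation" and exe.signed and companions:
            # exactly the pattern the slide warns about: good file, bad context
            score += 1
            reasons.append("legitimately signed vendor binary acting as loader")
        if score >= 3:
            findings.append({"dir": directory, "score": score, "reasons": reasons})
    return findings


# Constructed inventory (not real telemetry): one clean install, one
# suspicious copy with companions, one lone copy in a temp directory.
SAMPLE = [
    FileRecord(r"C:\Program Files\Symantec\Supplicant\RasTls.exe", "Symantec Corporation", True),
    FileRecord(r"C:\Users\bob\AppData\Roaming\Adobe\RasTls.exe", "Symantec Corporation", True),
    FileRecord(r"C:\Users\bob\AppData\Roaming\Adobe\RasTls.DLL", "", False),
    FileRecord(r"C:\Users\bob\AppData\Roaming\Adobe\RasTls.DLL.msc", "", False),
    FileRecord(r"C:\Temp\RasTls.exe", "Symantec Corporation", True),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE):
        print(finding)
```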
17. Tools for Dynamic Detection of IOC
Snort
Yara + yara-enabled tools
Moloch
Splunk/Log search
18. Tools for Dynamic Detection
Moloch
Moloch supports Yara (IOCs can be directly applied)
Moloch has a tagger plugin:
# tagger.so
# provides ability to import text files with IP and/or hostnames
# into a sensor that would cause autotagging of all matching
plugins=tagger.so
taggerIpFiles=blacklist,tag,tag,tag...
taggerDomainFiles=domainbasedblacklists,tag,tag,tag
19. Sources of IOCs
ioc bucket:
http://iocbucket.com
Public blacklists/trackers could also be used as source:
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
Eset IOC repository
https://github.com/eset/malware-ioc
more coming?
20. Where to mine IOCs
passive HTTP (keep your data recorded)
passive DNS
These platforms provide the ability to mine traffic or patterns from the past based on IOC similarity:
show me all the packets similar to this IOC
We implemented a whois service for IOC look-ups:
whois -h ioc.host.com attribute:value+attribute:value
21. Mining IOCs from your own data
Find and investigate an incident
Or even read a paper
Determine indicators and test them in YOUR environment
Use the new indicators in the future
See the IOC cycle mentioned earlier
22. Example
If an event chain leads to compromise:
http://liapolasens[.]info/indexm.html
http://liapolasens[.]info/counter.php?t=f&v=win%2011,7,700,169&a=true
http://liapolasens[.]info/354RIcx
http://liapolasens[.]info/054RIcx
What to do?
23. Use YARA, or tune your own tools
rule susp_params_in_url_kind_of_fileless_bot_drive_by
{
    meta:
        date = "oct 2013"
        description = "Landing hxxp://jdatastorelame.info/indexm.html 04.10.2013 13:14 108.6"
        description1 = " Java Sploit hxxp://jdatastorelame.info/054RIwj "
    strings:
        $string0 = "http"
        $string1 = "indexm.html"
        $string2 = "054RI"
    condition:
        all of them
}
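An added example, not the authors' tooling, of turning the event chain above into a sequence-aware check over HTTP proxy logs: unlike the YARA rule's `all of them`, it requires landing page, plugin-version probe and payload fetch in order from one client on one host inside a time window, and it generalises the `054RI` string to the whole `/NNNRIxx` path family. The log format (timestamp, client, method, URL) and the host name `landing.example` are constructed.

```python
"""Detect the exploit-kit event chain from the slide in HTTP proxy logs:
landing page -> plugin-version counter -> one or more /NNNRIxx payload
paths, same client, same host, inside WINDOW. Added example (not the
presentation's code); log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LANDING = re.compile(r"/indexm\.html$")
COUNTER = re.compile(r"/counter\.php\?.*\bv=win")      # plugin version probe
PAYLOAD = re.compile(r"/\d{3}RI[A-Za-z]{2}$")           # e.g. /354RIcx, /054RIcx
URL = re.compile(r"^(?P<scheme>https?)://(?P<host>[^/]+)(?P<path>/.*)$")
WINDOW = timedelta(minutes=5)


def parse_line(line):
    """'2013-10-04 13:14:02 10.0.0.5 GET http://host/path' -> dict or None."""
    parts = line.split(None, 4)
    if len(parts) != 5:
        return None
    ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    m = URL.match(parts[4])
    if not m:
        return None
    return {"ts": ts, "client": parts[2], "host": m["host"], "path": m["path"]}


def stage(path):
    """Map a request path to its position in the chain (0 = not part of it)."""
    if LANDING.search(path):
        return 1
    if COUNTER.search(path):
        return 2
    if PAYLOAD.search(path):
        return 3
    return 0


def find_chains(lines):
    """Return [(client, host, [paths])] for every client that walked the
    stages 1 -> 2 -> 3 in order on one host inside WINDOW. A stray hit on
    a single pattern (e.g. some unrelated indexm.html) is not a chain."""
    per_key = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and stage(ev["path"]):
            per_key[(ev["client"], ev["host"])].append(ev)
    chains = []
    for (client, host), evs in per_key.items():
        evs.sort(key=lambda e: e["ts"])
        progress, start, trail = 0, None, []
        for ev in evs:
            s = stage(ev["path"])
            if start and ev["ts"] - start > WINDOW:    # too old: restart
                progress, start, trail = 0, None, []
            if s == 1:
                progress, start, trail = 1, ev["ts"], [ev["path"]]
            elif progress >= 1 and s == progress + 1:
                progress += 1
                trail.append(ev["path"])
            elif s == 3 and progress == 3:
                trail.append(ev["path"])                # further payload fetches
        if progress == 3:
            chains.append((client, host, trail))
    return chains


# Constructed proxy log: one full chain from 10.0.0.5 and an unrelated
# single landing-page hit from 10.0.0.9 that must not be reported.
SAMPLE_LOG = """\
2013-10-04 13:14:02 10.0.0.5 GET http://landing.example/indexm.html
2013-10-04 13:14:03 10.0.0.5 GET http://landing.example/counter.php?t=f&v=win%2011,7,700,169&a=true
2013-10-04 13:14:05 10.0.0.5 GET http://landing.example/354RIcx
2013-10-04 13:14:06 10.0.0.5 GET http://landing.example/054RIcx
2013-10-04 13:20:00 10.0.0.9 GET http://other.example/indexm.html
""".splitlines()

if __name__ == "__main__":
    for client, host, trail in find_chains(SAMPLE_LOG):
        print(client, host, " -> ".join(trail))
```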
24. Use snort to catch suspicious traffic:
# many PlugX deployments connect to Google DNS when not in use
alert tcp !$DNS_SERVERS any -> 8.8.8.8 53 (msg:"APT possible PlugX Google DNS TCP port 53 connection attempt"; classtype:misc-activity; sid:500000112; rev:1;)
25. GRR: Google Rapid Response: http://code.google.com/p/grr/
Hunting IOC artifacts with GRR
26. GRR: Creating rules
27. GRR: hunt in progress
28. IOC management portal
29. IOC exportable to json
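The export shape on this slide (a campaign name mapping to IP, Domain and MD5 lists) can be turned into the OpenIOC documents that the standards slide and the OpenIOC-aware tools expect; this is an added example, not the iocmap code. The Context search terms are those used in published OpenIOC 1.0 samples (assumed), and the indicator values are constructed.

```python
"""Convert a campaign-keyed JSON export ({"campaign": {"IP": [...],
"Domain": [...], "MD5": [...]}}) into one OpenIOC 1.0 document per
campaign. Added example, not the authors' iocmap code; the search
terms in TERMS follow published OpenIOC 1.0 samples (assumed)."""
import json
import uuid
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = "http://schemas.mandiant.com/2010/ioc"
# export key -> (OpenIOC document, search term, Content type)
TERMS = {
    "IP":     ("PortItem",     "PortItem/remoteIP", "IP"),
    "Domain": ("DnsEntryItem", "DnsEntryItem/Host", "string"),
    "MD5":    ("FileItem",     "FileItem/Md5sum",   "md5"),
}


def to_openioc(campaign, indicators, author="iocmap-export"):
    """Build an <ioc> whose single OR Indicator lists every value."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    ioc = ET.Element("ioc", {"xmlns": NS, "id": str(uuid.uuid4()),
                             "last-modified": now})
    ET.SubElement(ioc, "short_description").text = campaign
    ET.SubElement(ioc, "description").text = f"Indicators for campaign {campaign}"
    ET.SubElement(ioc, "authored_by").text = author
    ET.SubElement(ioc, "authored_date").text = now
    ET.SubElement(ioc, "links")
    indicator = ET.SubElement(ET.SubElement(ioc, "definition"), "Indicator",
                              {"operator": "OR", "id": str(uuid.uuid4())})
    for key, values in indicators.items():
        if key not in TERMS:
            raise ValueError(f"unknown indicator type {key!r}")
        doc, search, ctype = TERMS[key]
        for value in values:
            value = value.strip()          # the export carries trailing spaces
            if not value:
                continue
            item = ET.SubElement(indicator, "IndicatorItem",
                                 {"id": str(uuid.uuid4()), "condition": "is"})
            ET.SubElement(item, "Context",
                          {"document": doc, "search": search, "type": "mir"})
            ET.SubElement(item, "Content", {"type": ctype}).text = value
    return ET.tostring(ioc, encoding="unicode")


def convert_export(export_json):
    """JSON text of the export -> {campaign: OpenIOC XML string}."""
    return {name: to_openioc(name, ind)
            for name, ind in json.loads(export_json).items()}


def count_items(xml_text):
    """Number of IndicatorItem elements in a generated document."""
    root = ET.fromstring(xml_text)
    return len(root.findall(f".//{{{NS}}}IndicatorItem"))


# Constructed export in the slide's shape; addresses are documentation
# ranges and the hash is the well-known MD5 of the empty string.
SAMPLE_EXPORT = json.dumps({
    "campA": {"IP": ["192.0.2.10", "198.51.100.7"],
              "Domain": ["c2.example "],
              "MD5": ["d41d8cd98f00b204e9800998ecf8427e"]},
    "campB": {"Domain": ["updates.example", "cdn.example"]},
})

if __name__ == "__main__":
    for name, xml_text in convert_export(SAMPLE_EXPORT).items():
        print(name, count_items(xml_text), "indicator items")
        print(xml_text)
```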
30. and every manager loves graphs :p
31. Q and A
Or contact us at ...