YOROI company profile
November 26 2016 CodeMotion Milan
Marco Ramilli
Cyber Analysts:
who they are,
what they do,
where they are !
Agenda:
- Cyber Analysts: who they are!
- Cyber Analysts: what they do!
- Cyber Analysts: where they are!
Today’s Host
● PhD in Bologna Joint UCDavis
○ Cyber Security, Penetration Testing US Voting Machines
○ Books and Publications
● NIST
○ OEVT
○ Penetration Testing methodologies to help US Democracy
● Palantir
○ Product Company
○ Intelligence Company
● Yoroi
○ One of the most extraordinary cyber security companies founded in Europe (Hakin9)
Who they are!
Nowadays this is not a trivial topic:
● Deep Learning Machines
● Cognitive Computing
● Machine Learning Algorithms
● Neural Networks
Undermine the human side of Cyber Security Analysis.
But could that technology really take away the human side of this job?
Who they are!
Dark Avenger Mutation Algorithm (1993)
It could produce some decryptor cases that appeared only in about 5% or less of all cases. However, the engine had a couple of minor limitations that were enough to detect the virus reliably using an instruction size disassembler and a state machine. In fact, there is only one constant byte in an MtE decryptor, the 0x75 (JNZ), which is followed by a negative offset—and even that is placed at a variable location (at the end of the decryptor, whose length is not constant).
Who they are!
Super Simple Malware Evasion Technique.
Credits: https://www.exploit-db.com/34591
Who they are!
Red Pill Approach
Credits: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
What they do!
● Day 1, Morning. A phone call (from the IT department) saying a server is performing weird network requests.
● Day 1, Afternoon. A VMware image is sent to the Cyber Analyst's email box.
He's gotta run!
What they do!
Apport -> intercepts crashes right when they happen the first time, gathers system information and sends stack traces and other useful information back to developers to fix the crash.
package-data-downloader -> used by software installers such as dpkg and apt.
What they do!
SubProcess … Why ?
/usr/bin/lls … What ?
What they do!
Connect to 198.216.87.22 ?
What they do!
Ok, let’s intercept what it sends to 198 !
On the client side in the meanwhile ...
Oh boy… really ?
What they do!
OK, we've got password exfiltration on every crash dump and every software update, and machine control since SSH is available.
But how do they trigger persistence on a server?
Maybe attackers trigger crashes from outside?
What they do!
Et Voilà ! CVE-2014-3583
What they do!
OK, we know quite a lot about the intrusion, even how they get persistence...
But why did the user report a “strange behavior”?
Maybe attackers needed such a server as a pivot server?
Oh..Oh !!
What they do!
Here we go!
A nice SEH BOverflow on Windows
We need to ask for another server image ….. :D
OK, not today...
What they do!
It was a quite original way to penetrate a system… is it a new fancy opportunistic way?
What they do!
How did “lls” land here?
What they do!
Only 5 iterations ? - Let’s check it out !
What they do!
A simple reminder on Linux passwords:
● schema: $id$salt$hashed
○ $1$ -> MD5
○ $2a$ -> Blowfish
○ $2y$ -> Blowfish (8-bit chars)
○ $5$ -> SHA-256
○ $6$ -> SHA-512
● !: account is password locked
● *: account is locked
● !!: no password set (RedHat)
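Added example (not from the original slides): a small parser that applies the `$id$salt$hashed` schema and the lock markers listed above to /etc/shadow lines, as an analyst would when triaging a server image. The sample lines and hash values are constructed; the `rounds=` parameter, its 5000 default and the bcrypt field layout follow crypt(3) conventions rather than the slide.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Scheme ids exactly as listed on the slide.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish (8-bit chars)",
           "5": "SHA-256", "6": "SHA-512"}
SHA_DEFAULT_ROUNDS = 5000  # assumption: SHA-crypt default when rounds= is absent


@dataclass
class Entry:
    user: str
    state: str  # hash | password-locked | locked | no-password-set | empty | unknown
    scheme: Optional[str] = None
    salt: Optional[str] = None
    rounds: Optional[int] = None  # SHA-crypt rounds or bcrypt cost
    findings: List[str] = field(default_factory=list)


def parse_hash(value: str):
    """Return (scheme, salt, rounds) for a $id$... string, or None if malformed."""
    parts = value.split("$")  # "$id$salt$hashed" -> ["", id, salt, hashed]
    if len(parts) < 4 or parts[0] != "" or parts[1] not in SCHEMES:
        return None
    ident, rest = parts[1], parts[2:]
    try:
        if ident in ("5", "6"):
            # SHA-crypt may carry an optional "rounds=N" field before the salt.
            rounds = SHA_DEFAULT_ROUNDS
            if rest[0].startswith("rounds="):
                rounds, rest = int(rest[0][len("rounds="):]), rest[1:]
            if len(rest) != 2:
                return None
            return SCHEMES[ident], rest[0], rounds
        if ident in ("2a", "2y"):
            # bcrypt layout: $2y$<cost>$<22-char salt><31-char hash>
            if len(rest) != 2 or len(rest[1]) != 53:
                return None
            return SCHEMES[ident], rest[1][:22], int(rest[0])
        if len(rest) != 2:
            return None
        return SCHEMES[ident], rest[0], None
    except ValueError:  # non-numeric rounds or cost
        return None


def classify(line: str) -> Entry:
    """Classify the password field (second column) of one shadow line."""
    cols = line.rstrip("\n").split(":")
    user = cols[0]
    pw = cols[1] if len(cols) > 1 else ""
    if pw == "":
        return Entry(user, "empty", findings=["no password required"])
    if pw == "*":
        return Entry(user, "locked")
    if pw == "!!":
        return Entry(user, "no-password-set")
    locked = pw.startswith("!")
    body = pw.lstrip("!")
    if body == "":
        return Entry(user, "password-locked")
    parsed = parse_hash(body)
    if parsed is None:
        return Entry(user, "unknown", findings=["unrecognised password field"])
    scheme, salt, rounds = parsed
    entry = Entry(user, "password-locked" if locked else "hash", scheme, salt, rounds)
    if scheme == "MD5":
        entry.findings.append("MD5 crypt is obsolete")
    if scheme.startswith("SHA") and rounds < SHA_DEFAULT_ROUNDS:
        entry.findings.append(f"rounds={rounds} below default {SHA_DEFAULT_ROUNDS}")
    return entry


def audit(text: str) -> List[Entry]:
    """Classify every non-empty, non-comment line of a shadow file."""
    return [classify(l) for l in text.splitlines() if l and not l.startswith("#")]


# Constructed sample: user names, salts and hash strings are made up.
SAMPLE_SHADOW = """\
svc:$6$rounds=5$Xy7Qa1Lm$CONSTRUCTEDsha512HASHvalue:17130:0:99999:7:::
daemon:*:17001:0:99999:7:::
alice:$6$Zk3sQ1pT$CONSTRUCTEDsha512HASHvalue:17130:0:99999:7:::
bob:!$1$a8Fq2Lw9$CONSTRUCTEDmd5HASHvalue:17130:0:99999:7:::
carol:!!:17130:0:99999:7:::
dave::17130:0:99999:7:::
erin:$2y$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234:17130:0:99999:7:::
"""

if __name__ == "__main__":
    for e in audit(SAMPLE_SHADOW):
        print(f"{e.user:7} {e.state:16} {e.scheme or '-':23} rounds={e.rounds} {e.findings}")
```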
Where they are!
● Unfortunately there is not a full learning path to become a Cyber Security Analyst so far.
● There are a lot of classes on:
○ Reverse Engineer
○ Firmware Analyses
○ Forensic Analyses
○ Penetration Testing
○ Vulnerability Assessments
○ Secure Policy Assessment
○ . . . . .
● But a Cyber Security Analyst should be able to perform each of these actions + human interactions + strategic thinking + organization chart knowledge + problem solving
We are Hiring !
www.yoroi.company

Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 

Recently uploaded

9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
saastr
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 

Recently uploaded (20)

9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 

Cyber Analysts: who they are, what they do, where they are - Marco Ramilli - Codemotion Milan 2016

  • 1. YOROI company profile. November 26 2016, CodeMotion Milan. Marco Ramilli
  • 2. Cyber Analysts: who they are, what they do, where they are!
  • 3. Agenda:
      - Cyber Analysts: who they are!
      - Cyber Analysts: what they do!
      - Cyber Analysts: where they are!
  • 4. Today’s Host
      ● PhD in Bologna Joint UCDavis
        ○ Cyber Security, Penetration Testing US Voting Machines
        ○ Books and Publications
      ● NIST
        ○ OEVT
        ○ Penetration Testing methodologies to help US Democracy
      ● Palantir
        ○ Product Company
        ○ Intelligence Company
      ● Yoroi
        ○ One of the most extraordinary cyber security companies founded in Europe (Hakin9)
  • 5. Who they are! Nowadays this is not a trivial topic:
      ● Deep Learning Machines
      ● Cognitive Computing
      ● Machine Learning Algorithms
      ● Neural Networks
      These undermine the human side of Cyber Security Analysis. But could that technology really take away the human side of this job?
  • 6. Who they are! Dark Avenger Mutation Algorithm (1993). It could produce some decryptor cases that appeared only in about 5% or less of all cases. However, the engine had a couple of minor limitations that were enough to detect the virus reliably using an instruction size disassembler and a state machine. In fact, there is only one constant byte in an MtE decryptor, the 0x75 (JNZ), which is followed by a negative offset—and even that is placed at a variable location (at the end of the decryptor, whose length is not constant).
  • 7. Who they are! Super Simple Malware Evasion Technique. Credits: https://www.exploit-db.com/34591
  • 8. Who they are! Red Pill Approach. Credits: “A fistful of red-pills: How to automatically generate procedures to detect CPU emulators”
  • 10. What they do!
      ● Day 1, Morning. A phone call (from the IT department) saying a server is performing weird network requests.
      ● Day 1, Afternoon. A VMware image is sent to the Cyber Analyst's email box; he’s gotta run!
  • 11. What they do!
      Apport -> Intercepts crashes right when they happen the first time, gathers system information and sends stack traces and useful info back to developers to fix the crash.
      package-data-downloader -> used by software installers such as dpkg and apt.
  • 12. What they do! SubProcess … Why? /usr/bin/lls … What?
  • 13. What they do! SubProcess … Why? /usr/bin/lls … What?
  • 16. What they do! Connect to 198.216.87.22?
  • 17. What they do! OK, let’s intercept what it sends to 198! On the client side, in the meantime... Oh boy… really?
  • 19. What they do! OK, we’ve got password exfiltration at every crash dump and every software update, and machine control since ssh is available. But how do they trigger persistence on a server? Maybe attackers trigger crashes from outside?
  • 20. What they do! Et Voilà! CVE-2014-3583
  • 21. What they do! OK, we know quite a lot about the intrusion, even how they get persistence... But why did the user report a “strange behavior”? Maybe attackers needed such a server as a pivot server? Oh..Oh !!
  • 22. What they do! Here we go! A nice SEH buffer overflow on Windows. We need to ask for another server image ….. :D OK, not today...
  • 23. What they do! It was quite an original way to penetrate a system… is it a new fancy opportunistic way?
  • 25. What they do! How did “lls” land here?
  • 26. What they do! Only 5 iterations? - Let’s check it out!
  • 27. What they do! A simple reminder on Linux passwords:
      ● schema: $id$salt$hashed
        ○ $1$ -> MD5
        ○ $2a$ -> Blowfish
        ○ $2y$ -> Blowfish (8-bit chars)
        ○ $5$ -> SHA-256
        ○ $6$ -> SHA-512
      ● !: account is password locked
      ● *: account is locked
      ● !!: no password set (RedHat)
  • 30. Where they are!
      ● Unfortunately there is no full learning path to become a Cyber Security Analyst so far.
      ● There are a lot of classes on:
        ○ Reverse Engineering
        ○ Firmware Analysis
        ○ Forensic Analysis
        ○ Penetration Testing
        ○ Vulnerability Assessments
        ○ Secure Policy Assessment
        ○ ...
      ● But a Cyber Security Analyst should be able to perform each of these actions + human interactions + strategic thinking + organization chart knowledge + problem solving
  • 32. We are Hiring! www.yoroi.company
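
The Linux password schema recalled on slide 27 can be turned into a small audit helper; this is an added example, not code from the original slides. The sample entries are constructed, the function names are hypothetical, flagging MD5 and empty fields as weak is an assumed audit policy, and the handling of `rounds=`, the bcrypt cost field and md5-crypt's fixed round count goes beyond what the slide lists.

```python
"""Classify /etc/shadow password fields using the schema from slide 27."""

# Scheme ids listed on the slide ($id$salt$hashed).
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish (8-bit chars)",
           "5": "SHA-256", "6": "SHA-512"}
# Marker-only fields; the labels follow the slide, except the empty field.
STATES = {"": "empty (no password required)", "!": "password locked",
          "*": "locked", "!!": "no password set (RedHat)"}
WEAK = {"MD5"}                    # assumption: audit policy flags md5-crypt
SHA_CRYPT_DEFAULT_ROUNDS = 5000   # sha-crypt default when rounds= is absent
MD5_CRYPT_ROUNDS = 1000           # md5-crypt uses a fixed round count

# Constructed sample input: salts and hashes are placeholders, not real.
SAMPLE_SHADOW = """\
root:$6$rounds=656000$c0nstructedsalt$CONSTRUCTEDHASH:17000:0:99999:7:::
web:$1$c0nstruc$CONSTRUCTEDHASH:17000:0:99999:7:::
backup:!$5$c0nstructedsalt$CONSTRUCTEDHASH:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
newuser:!!:17000:0:99999:7:::
app:$2y$10$CONSTRUCTEDSALTANDHASHCONSTRUCTEDSALTANDHASH:17000:0:99999:7:::
guest::17000:0:99999:7:::
"""


def classify_field(field):
    """Describe one shadow password field: lock state, scheme, rounds."""
    info = {"state": "active", "scheme": None, "rounds": None, "weak": False}
    if field in STATES:
        info["state"] = STATES[field]
        info["weak"] = field == ""        # assumption: empty field is a finding
        return info
    if field.startswith("!"):
        # '!' in front of a hash: login is locked but the hash is retained.
        info["state"] = "password locked"
        field = field.lstrip("!")
    parts = field.split("$")              # "$id$salt$hashed" -> ['', id, ...]
    if len(parts) < 4 or parts[0] or parts[1] not in SCHEMES:
        info["scheme"] = "unknown"        # e.g. legacy DES or a newer scheme
        return info
    ident = parts[1]
    info["scheme"] = SCHEMES[ident]
    info["weak"] = info["scheme"] in WEAK
    try:
        if ident in ("5", "6"):           # optional "rounds=N" before the salt
            info["rounds"] = (int(parts[2][7:])
                              if parts[2].startswith("rounds=")
                              else SHA_CRYPT_DEFAULT_ROUNDS)
        elif ident in ("2a", "2y"):       # bcrypt stores log2 of the work factor
            info["rounds"] = 2 ** int(parts[2])
        else:
            info["rounds"] = MD5_CRYPT_ROUNDS
    except ValueError:
        info["rounds"] = None             # malformed cost parameter
    return info


def audit(shadow_text):
    """Return {user: info} for every entry in shadow-formatted text."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if not line.strip() or line.startswith("#") or len(fields) < 2:
            continue
        report[fields[0]] = classify_field(fields[1])
    return report


if __name__ == "__main__":
    for user, info in audit(SAMPLE_SHADOW).items():
        print(user, info)
```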