YOROI company profile
November 26 2016 CodeMotion Milan
Marco Ramilli
Cyber Analysts: who they are, what they do, where they are!
Agenda:
- Cyber Analysts: who they are!
- Cyber Analysts: what they do!
- Cyber Analysts: where they are!
Today’s Host
● PhD in Bologna Joint UCDavis
○ Cyber Security, Penetration Testing US Voting Machines
○ Books and Publications
● NIST
○ OEVT
○ Penetration Testing methodologies to help US Democracy
● Palantir
○ Product Company
○ Intelligence Company
● Yoroi
○ One of the most extraordinary cyber security companies founded in Europe (Hakin9)
Who they are!
Nowadays this is not a trivial topic:
● Deep Learning Machines
● Cognitive Computing
● Machine Learning Algorithms
● Neural Networks
These undermine the human side of Cyber Security Analysis.
But could that technology really take the human side out of this job?
Who they are!
Dark Avenger Mutation Algorithm (1993)
It could produce some decryptor cases that appeared only in about 5% or less of all cases. However, the engine had a couple of minor limitations that were enough to detect the virus reliably using an instruction size disassembler and a state machine. In fact, there is only one constant byte in an MtE decryptor, the 0x75 (JNZ), which is followed by a negative offset—and even that is placed at a variable location (at the end of the decryptor, whose length is not constant).
Who they are!
Super Simple Malware Evasion Technique.
Credits: https://www.exploit-db.com/34591
Who they are!
Red Pill Approach
Credits: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
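An added example (my code, not from the slides or from the cited paper, which generates its tests automatically): a byte-level scanner that flags the classic single-instruction red pills (SIDT/SGDT/SLDT/STR and CPUID) inside a code blob, so an analyst can quickly see whether a sample carries emulator-detection logic worth a closer look. The opcodes follow the Intel manual; the sample bytes are constructed.

```python
from typing import Dict, List, Tuple

# Classic user-mode red pills read descriptor-table registers (SIDT/SGDT/SLDT/STR)
# or run CPUID and compare the result with what a real CPU would return.
# Opcodes (Intel SDM): SGDT 0F 01 /0, SIDT 0F 01 /1 (memory form only),
# SLDT 0F 00 /0, STR 0F 00 /1, CPUID 0F A2 (no ModRM byte).
_GROUP7 = {0: "sgdt", 1: "sidt"}   # 0F 01 /r: the ModRM reg field selects the instruction
_GROUP6 = {0: "sldt", 1: "str"}    # 0F 00 /r


def scan_red_pills(code: bytes) -> List[Tuple[int, str]]:
    """Return (offset, mnemonic) for every red-pill candidate in a code blob.

    This is a linear byte scan, not a disassembler: opcode-like bytes inside
    data will produce false positives, so treat hits as places for the
    analyst to look, not as proof of emulator detection."""
    hits: List[Tuple[int, str]] = []
    n = len(code)
    for i in range(n - 1):
        if code[i] != 0x0F:
            continue
        op = code[i + 1]
        if op == 0xA2:
            hits.append((i, "cpuid"))
        elif op in (0x00, 0x01) and i + 2 < n:
            modrm = code[i + 2]
            mod, reg = modrm >> 6, (modrm >> 3) & 7
            table = _GROUP7 if op == 0x01 else _GROUP6
            # sgdt/sidt have no register form; 0F 01 with mod=3 encodes other
            # instructions (e.g. MONITOR/MWAIT), so it must not be flagged
            if reg in table and not (op == 0x01 and mod == 3):
                hits.append((i, table[reg]))
    return hits


def red_pill_summary(code: bytes) -> Dict[str, int]:
    """Count hits per mnemonic; an empty dict means nothing to triage."""
    summary: Dict[str, int] = {}
    for _, mnemonic in scan_red_pills(code):
        summary[mnemonic] = summary.get(mnemonic, 0) + 1
    return summary


# Constructed sample (not taken from any real malware): a tiny x86 function
# doing push ebp; mov ebp,esp; sidt [ebp-8]; cpuid; str eax; then a MONITOR
# (0F 01 C8) that must not be mistaken for sidt; ret.
SAMPLE_CODE = bytes.fromhex("55 8B EC 0F 01 4D F8 0F A2 0F 00 C8 0F 01 C8 C3")

if __name__ == "__main__":
    for off, mnem in scan_red_pills(SAMPLE_CODE):
        print(f"offset 0x{off:04x}: {mnem}")
    print(red_pill_summary(SAMPLE_CODE))
```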
What they do!
● Day 1, Morning. A new event from the Yoroi Defence Center says a server is performing weird network requests.
● Day 1, Afternoon. A VMware image is sent to the Cyber Analyst's mailbox: he's gotta run!
Apport -> intercepts crashes right when they happen the first time, gathers system information and sends stack traces and other useful info back to the developers to fix the crash.
package-data-downloader -> used by software installers such as dpkg and apt.
SubProcess… Why?
/usr/bin/lls… What?
Connect to 198.216.87.22?
Ok, let's intercept what it sends to 198!
On the client side in the meanwhile...
Oh boy… really?
Ok, we've got password exfiltration at every crash dump and every software update, plus machine control since ssh is available.
But how do they get persistence on a server?
Maybe attackers trigger crashes from outside?
Et voilà! CVE-2014-3583
Ok, we know pretty much a lot about the intrusion, even how they get persistence...
But why did the user report a "strange behavior"?
Maybe the attackers needed such a server as a pivot server?
Oh..Oh!!
Here we go!
A nice SEH buffer overflow on Windows.
We need to ask for another server image
….. :D
Ok, not today...
It was a quite original way to penetrate a system… is it a new fancy opportunistic way?
How did "lls" land here?
Only 5 iterations? Let's check it out!
A simple reminder on Linux passwords:
● schema: $id$salt$hashed
○ $1$ -> MD5
○ $2a$ -> Blowfish
○ $2y$ -> Blowfish (8-bit chars)
○ $5$ -> SHA-256
○ $6$ -> SHA-512
● !: account is password locked
● *: account is locked
● !!: no password set (RedHat)
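An added example (my code, not from the slides): a parser that classifies /etc/shadow entries according to the schema above, including the three lock markers, and that also reports the rounds= parameter SHA-crypt hashes may carry (default 5000) and the bcrypt cost, so an unusually low iteration count stands out during triage. The sample lines and hash values are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "$id$salt$hashed" identifiers as listed on the slide.
HASH_IDS = {
    "1": "MD5",
    "2a": "Blowfish",
    "2y": "Blowfish (8-bit chars)",
    "5": "SHA-256",
    "6": "SHA-512",
}
SHA_CRYPT_DEFAULT_ROUNDS = 5000  # sha-crypt default when no rounds= is present


@dataclass
class ShadowEntry:
    user: str
    status: str                     # "hashed", "locked", "no-password" or "empty"
    algorithm: Optional[str] = None
    salt: Optional[str] = None
    rounds: Optional[int] = None


# $id$[rounds=N$]salt$hash ; for bcrypt the "salt" group is the cost and the
# hash group carries 22 salt chars followed by 31 hash chars without separator.
_CRYPT_RE = re.compile(
    r"\$(?P<id>[^$]+)\$(?:rounds=(?P<rounds>\d+)\$)?(?P<salt>[^$]*)\$(?P<hash>.*)"
)


def parse_hash_field(field: str, entry: ShadowEntry) -> None:
    """Fill algorithm/salt/rounds of `entry` from a crypt(3)-style hash string."""
    m = _CRYPT_RE.fullmatch(field)
    if not m:
        entry.algorithm = "unknown"   # DES-style or malformed: leave for manual review
        return
    hid = m.group("id")
    entry.algorithm = HASH_IDS.get(hid, f"unknown id ${hid}$")
    if hid in ("2a", "2y"):
        cost = int(m.group("salt"))   # bcrypt work factor, 2**cost iterations
        entry.rounds = 2 ** cost
        entry.salt = m.group("hash")[:22]
    else:
        entry.salt = m.group("salt")
        if hid in ("5", "6"):
            entry.rounds = int(m.group("rounds") or SHA_CRYPT_DEFAULT_ROUNDS)


def parse_shadow_line(line: str) -> ShadowEntry:
    """Parse one /etc/shadow line: user:hash:lastchg:min:max:warn:inactive:expire:"""
    parts = line.rstrip("\n").split(":")
    if len(parts) < 2:
        raise ValueError(f"not a shadow entry: {line!r}")
    user, field = parts[0], parts[1]
    if field == "":
        return ShadowEntry(user, "empty")          # no password at all
    if field == "!!":
        return ShadowEntry(user, "no-password")    # RedHat: password never set
    if field == "*":
        return ShadowEntry(user, "locked")         # locked, nothing to recover
    entry = ShadowEntry(user, "hashed")
    if field.startswith("!"):
        entry.status = "locked"   # password-locked: the original hash still follows the '!'
        field = field[1:]
    if field:
        parse_hash_field(field, entry)
    return entry


def parse_shadow(text: str) -> List[ShadowEntry]:
    return [parse_shadow_line(l) for l in text.splitlines() if l.strip()]


def weak_entries(entries: List[ShadowEntry]) -> List[str]:
    """Users an analyst would flag: MD5, or SHA-crypt with fewer rounds than the default."""
    return [e.user for e in entries
            if e.algorithm == "MD5"
            or (e.rounds is not None and e.algorithm in ("SHA-256", "SHA-512")
                and e.rounds < SHA_CRYPT_DEFAULT_ROUNDS)]


# Constructed sample (not from a real system; hash bodies are placeholders).
SAMPLE_SHADOW = """\
root:$6$rounds=5$saltsalt$Ab9xZplaceholder:17000:0:99999:7:::
alice:$1$xyz$q7Ywplaceholder:17000:0:99999:7:::
bob:!$6$s4lt$hashplaceholder:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
svc:!!:17000:0:99999:7:::
eve:$2y$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234:17000:0:99999:7:::
"""

if __name__ == "__main__":
    entries = parse_shadow(SAMPLE_SHADOW)
    for e in entries:
        print(e)
    print("flagged:", weak_entries(entries))
```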
Where they are!
● Unfortunately there is no full learning path to become a Cyber Security Analyst so far.
● There are a lot of classes on:
○ Reverse Engineering
○ Firmware Analysis
○ Forensic Analysis
○ Penetration Testing
○ Vulnerability Assessments
○ Security Policy Assessment
○ . . . . .
● But a Cyber Security Analyst should be able to perform each of these actions + human interactions + strategic thinking + organization chart knowledge + problem solving
We are hiring!
www.yoroi.company

Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 

Cyber Analysts: who they are, what they do, where they are - Marco Ramilli - Codemotion Rome 2017

  • 1. Profilo aziendale YOROI
       November 26 2016 CodeMotion Milan
       Marco Ramilli
  • 2. Cyber Analysts: who they are, what they do, where they are!
  • 3. Agenda:
       - Cyber Analysts: who they are!
       - Cyber Analysts: what they do!
       - Cyber Analysts: where they are!
  • 4. Today’s Host
       ● PhD in Bologna Joint UCDavis
         ○ Cyber Security, Penetration Testing US Voting Machines
         ○ Books and Publications
       ● NIST
         ○ OEVT
         ○ Penetration Testing methodologies to help US Democracy
       ● Palantir
         ○ Product Company
         ○ Intelligence Company
       ● Yoroi
         ○ One of the most extraordinary cyber security companies founded in Europe (Hakin9)
  • 5. Who they are!
       Nowadays this is not a trivial topic:
       ● Deep Learning Machines
       ● Cognitive Computing
       ● Machine Learning Algorithms
       ● Neural Networks
       undermine the human side of Cyber Security Analysis.
       But could that technology really take the human side out of this job?
  • 6. Who they are!
       Dark Avenger Mutation Algorithm (1993)
       It could produce some decryptor cases that appeared only in about 5% or less of all cases. However, the engine had a couple of minor limitations that were enough to detect the virus reliably using an instruction size disassembler and a state machine. In fact, there is only one constant byte in an MtE decryptor, the 0x75 (JNZ), which is followed by a negative offset, and even that is placed at a variable location (at the end of the decryptor, whose length is not constant).
  • 7. Who they are!
       Super Simple Malware Evasion Technique.
       Credits: https://www.exploit-db.com/34591
  • 8. Who they are!
       Red Pill Approach
       Credits: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
  • 10. What they do!
       ● Day 1, Morning. A new event from Yoroi Defence Center says a server is performing weird network requests.
       ● Day 1, Afternoon. A VMware image is sent to the Cyber Analyst’s email box: he’s gotta run!
  • 11. What they do!
       Apport -> intercepts crashes right when they happen the first time, gathers system information and sends stack traces and other useful info back to developers to fix the crash.
       package-data-downloader -> used by software installers such as dpkg and apt.
  • 12. What they do!
       SubProcess … Why? /usr/bin/lls … What?
  • 13. What they do!
       SubProcess … Why? /usr/bin/lls … What?
  • 16. What they do!
       Connect to 198.216.87.22?
  • 17. What they do!
       Ok, let’s intercept what it sends to 198! On the client side, in the meanwhile... Oh boy… really?
  • 19. What they do!
       Ok, we’ve got password exfiltration on every crash dump and every software update, and machine control since ssh is available. But how do they get persistence on a server? Maybe attackers trigger crashes from outside?
  • 20. What they do!
       Et voilà! CVE-2014-3583
  • 21. What they do!
       Ok, we know pretty much a lot about the intrusion, even how they get persistence... But why did the user report a “strange behavior”? Maybe the attackers needed such a server as a pivot server? Oh..Oh!!
  • 22. What they do!
       Here we go! A nice SEH buffer overflow on Windows. We need to ask for another server image….. :D Ok, not today...
  • 23. What they do!
       It was a quite original way to penetrate a system… is it a new fancy opportunistic way?
  • 25. What they do!
       How did “lls” land here?
  • 26. What they do!
       Only 5 iterations? - Let’s check it out!
  • 27. What they do!
       A simple reminder on Linux passwords:
       ● schema: $id$salt$hashed
         ○ $1$ -> MD5
         ○ $2a$ -> Blowfish
         ○ $2y$ -> Blowfish (8-bit chars)
         ○ $5$ -> SHA-256
         ○ $6$ -> SHA-512
       ● !: account is password locked
       ● *: account is locked
       ● !!: no password set (RedHat)
  • 30. Where they are!
       ● Unfortunately there is no full learning path to become a Cyber Security Analyst so far.
       ● There are a lot of classes on:
         ○ Reverse Engineering
         ○ Firmware Analysis
         ○ Forensic Analysis
         ○ Penetration Testing
         ○ Vulnerability Assessments
         ○ Security Policy Assessment
         ○ . . . . .
       ● But a Cyber Security Analyst should be able to perform each of these actions + human interactions + strategic thinking + organization chart knowledge + problem solving
  • 32. We are Hiring! www.yoroi.company
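As an added example (not from the slides), a small auditor that applies the $id$salt$hashed scheme from slide 27 to /etc/shadow-style lines: it classifies each entry’s algorithm and lock state, reads the optional rounds= parameter glibc crypt accepts for the SHA-crypt schemes and the bcrypt cost, and flags MD5-crypt or round counts below the glibc default. The sample lines, user names and hash bodies are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# $id$ prefixes from slide 27.
SCHEMES = {
    "1": "MD5",
    "2a": "Blowfish",
    "2y": "Blowfish",
    "5": "SHA-256",
    "6": "SHA-512",
}
DEFAULT_SHA_ROUNDS = 5000  # glibc default when no rounds= parameter is present

# $id$[rounds=N$]salt$hash (rounds= only applies to $5$/$6$)
HASH_RE = re.compile(r"^\$(?P<id>[^$]+)\$(?:rounds=(?P<rounds>\d+)\$)?(?P<rest>.+)$")

# Constructed shadow lines (hash bodies are placeholders, not real digests).
SAMPLE_SHADOW = """\
root:$6$rounds=5000$abcdefgh$XXXXXXXX:18000:0:99999:7:::
alice:$1$saltsalt$YYYYYYYY:18000:0:99999:7:::
bob:$6$rounds=1000$saltsalt$ZZZZZZZZ:18000:0:99999:7:::
svc:!$6$saltsalt$WWWWWWWW:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
newuser:!!:18000:0:99999:7:::
"""


@dataclass
class ShadowEntry:
    user: str
    state: str                    # hashed | password-locked | locked | no-password
    scheme: Optional[str] = None  # algorithm name from SCHEMES, or "unknown"
    rounds: Optional[int] = None  # iteration count where the field encodes one
    findings: List[str] = field(default_factory=list)


def parse_hash_field(user: str, pw: str) -> ShadowEntry:
    """Classify one password field according to the slide's rules."""
    if pw == "!!":
        return ShadowEntry(user, "no-password")      # RedHat: never had a password
    if pw == "*":
        return ShadowEntry(user, "locked")
    entry = ShadowEntry(user, "hashed")
    if pw.startswith("!"):
        entry.state = "password-locked"              # "!" is prefixed to the old hash
        pw = pw[1:]                                  # the hash behind it is still stored
    m = HASH_RE.match(pw)
    if not m:
        entry.scheme = "unknown"
        return entry
    hash_id = m.group("id")
    entry.scheme = SCHEMES.get(hash_id, "unknown")
    if m.group("rounds"):
        entry.rounds = int(m.group("rounds"))
    elif hash_id in ("2a", "2y"):
        cost = m.group("rest").split("$")[0]         # bcrypt: $2y$<cost>$salt+hash
        entry.rounds = 2 ** int(cost) if cost.isdigit() else None
    if entry.scheme == "MD5":
        entry.findings.append("MD5-crypt hash: weak by today's standards")
    if entry.scheme in ("SHA-256", "SHA-512"):
        effective = entry.rounds if entry.rounds is not None else DEFAULT_SHA_ROUNDS
        if effective < DEFAULT_SHA_ROUNDS:
            entry.findings.append(f"rounds={effective} below glibc default {DEFAULT_SHA_ROUNDS}")
    return entry


def audit_shadow(text: str) -> List[ShadowEntry]:
    """Parse every non-empty shadow line into a classified ShadowEntry."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        entries.append(parse_hash_field(fields[0], fields[1]))
    return entries


if __name__ == "__main__":
    for e in audit_shadow(SAMPLE_SHADOW):
        print(f"{e.user:8} {e.state:16} {e.scheme or '-':8} rounds={e.rounds} {e.findings}")
```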