Orchestrating Software Defined Networks To Disrupt The APT Kill Chain (Priyanka Aash)
SDN capabilities like micro-segmentation, service chaining, and security orchestration can disrupt the APT kill chain. SDN allows automatic provisioning of dynamic security policies. It restricts lateral movement and transparently inserts compensating controls. Security orchestration further automates responses by leveraging intelligence to update network and host-based defenses based on incidents. Together, these SDN features counter APT persistence and give attackers a moving target.
The document discusses several advanced persistent threats (APTs) that have targeted systems in Korea and other countries, including the LuckyCat, Heartbeat, and Flashback malware campaigns. It provides details on the attacks, malware components, command and control infrastructure, and technical analysis of the threats. The document aims to help the digital forensics community in Korea understand these sophisticated cyber espionage activities and improve defenses against similar attacks.
This document discusses insider threats and strategies for detecting and preventing them. It outlines that while most breaches are caused by external attackers, insiders still cause significant damage in some cases. It describes the different types of insider threats and notes that prevention and detection require logs of network activity as well as a multidisciplinary approach. Specific tools like StealthWatch can provide network visibility and user identity integration to help identify suspicious insider behavior like data exfiltration or hoarding.
Insider threat: tackling cyber security risk from inside your organisation. This event provided an overview of the current state of understanding of who the “insiders” are; how they operate; what motivates them and what threats they pose to information systems.
AhnLab, a global integrated security company, has built a line-up of diverse network security products. Together with TrusGuard DPX, its DDoS defense appliance, the high-performance firewall TrusGuard and the APT response solution TrusWatcher deliver a clean network. TrusGuard DPX also offers a differentiated process that combines DDoS-specialized advance consulting, DDoS attack response drills, security monitoring and other services.
• Prevents revenue loss and business interruption caused by service outages
• Minimizes the burden on human resources through automated response
- Reduces operating resources with automatic defense configuration based on various filters and self-learning
※ When defending with network equipment, the administrator must keep manually changing access control settings for as long as the attack continues.
• Enables rapid response to new types of DDoS attacks
- Immediate application of response filters when a new attack is discovered
※ AhnLab continuously monitors and analyzes new malware, and this proved its worth during the 7·7 DDoS crisis of 2009 and the 3·4 DDoS attacks of 2011.
• Measures the company's DDoS defense capability through simulated DDoS attack response drills
(One DDoS attack response drill provided free of charge with a DPX purchase)
• Real-time monitoring through a 24-hour, 365-day security monitoring service
(Limited to customers using the 'AhnLab DPX + Security Monitoring Service' package)
• Detects and removes zombie PCs inside the company and prevents DDoS attacks originating from within
(With purchase of the AhnLab DPX + AhnLab Watcher package)
This document does not contain any meaningful information to summarize in 3 sentences or less. It consists of random characters and symbols with no discernible topic, structure or content that could be accurately summarized.
Fotolog is a website where users can create blogs to share photos. Users generally post one photo per day and can customize the appearance of their page. The document explains how to create a Fotolog account, how to upload photos, and the different options and features available on the site, such as adding friends, buying items, and modifying the design and account information.
The AppCheck Pro ransomware anti-virus uses the CARB engine, which applies "context-awareness based ransomware behavior detection" technology, to detect not only the patterns found so far but also ransomware that may appear in the future, providing the most reliable and safe defense against ransomware threats that the detection and response methods of conventional anti-virus products cannot handle quickly.
This is the SDN controller 오벨, one of Atto Research's products.
More materials are available on our website.
**Atto Research SNS**
Website: http://www.atto-research.com/
Facebook: https://www.facebook.com/attoresearch/
Youtube: www.youtube.com/channel/UC3y0LupaApOalX1qPYH_hAg
This document discusses the $UsnJrnl journal file in NTFS file systems and its use for digital forensics investigations. The $UsnJrnl file records changes made to files and directories on the system. Tools are discussed for extracting and parsing the $UsnJrnl records to analyze file system activity and trace deleted files. The document also introduces NTFS Log Tracker v1.4, a tool that can carve $UsnJrnl records from unallocated space and perform keyword searches across recovered records.
This document discusses digital forensics analysis of call history and SMS data on Apple devices running OS X Yosemite. It provides information on the file paths and database formats used to store call history and SMS data, as well as the attributes that can be analyzed, such as sending/receiving dates, durations, and contact details. It also mentions that call history data may be encrypted and requires decryption to view contact details.
(140716) #fitalk digital evidence from android-based smartwatch (INSIGHT FORENSIC)
This document discusses extracting digital evidence from an Android-based Samsung Galaxy Gear smartwatch. It describes accessing the smartwatch by rooting it and then imaging the internal memory to extract potential digital evidence files. Four specific files are identified that could provide useful evidence, including Bluetooth pairing information, SMS/email sync data, find my device activity logs, and local weather information tied to location. The conclusion speculates that future work will focus on extracting evidence from newer Galaxy Gear models.
This document discusses SQLite record recovery from deleted areas of an SQLite database file. It begins with an introduction to SQLite and why it is useful for forensic analysis. It then covers the structure of SQLite database files including header pages, table B-trees, index B-trees, overflow pages, and free pages. The document simulates traversing and parsing the cells within a table B-tree to understand how records are stored and indexed. It aims to help analysts understand SQLite file structure to enable recovery of deleted records through analysis of unused areas.
This document discusses techniques for obfuscating URLs to hide malicious intent. It begins with an overview of URL shortening services that can be used to hide the destination of a link. Various methods for obfuscating URLs are then described, including encoding IP addresses in octal format, URL encoding, and tricks involving the URI structure. The document provides a challenge for safely deconstructing an obfuscated URL step-by-step either manually or automatically. It concludes with an explanation of how the challenge URL was obfuscated using chaining of different techniques.
The document discusses China's strategy of internet censorship and control. It mentions China's large number of internet users and rapid growth of mobile internet users. It then discusses China's strategy of "human-wave" attacks to overwhelm websites with traffic to enact censorship. Next, it discusses China's extensive censorship system called the "Great Firewall" and how it uses techniques like IP blocking and DNS filtering to control internet access and content. Finally, it briefly mentions the black market for DDoS attacks and real-money trading that has emerged from China's controls.
(130105) #fitalk trends in d forensics (dec, 2012) (INSIGHT FORENSIC)
This document summarizes trends in digital forensics from South Korea in December 2012. It discusses extracting malware from NTFS extended attributes, analyzing prefetch files, and trends for 2013 including growing mobile malware. It also summarizes testing of Windows 8 involving installing applications, connecting web accounts, and imaging a test laptop to analyze forensic artifacts.
(130105) #fitalk criminal civil judicial procedure in korea (INSIGHT FORENSIC)
This document discusses digital forensics and the legal system in Korea. It provides an overview of criminal and civil judicial procedures, the role of expert witnesses, and precedents. It also examines the qualifications and certification process for digital forensics experts in Korea and other countries like the US. Key topics covered include how digital evidence is handled and the advantages of having an officially recognized expert.
(131116) #fitalk extracting user typing history on bash in mac os x memory (INSIGHT FORENSIC)
This document provides an overview of extracting Bash command history from Unix memory images using digital forensics techniques. It discusses how Bash stores command history in memory and on disk, and how forensic analysts can extract that history from a memory dump. It includes a case study demonstrating extracting Bash history from multiple processes and showing that the "history -c" command only clears history for that individual process. The document aims to help digital forensics practitioners recover command history during memory forensics investigations.
(Ficon2016) #4 The scope and utility of network forensics seen through real cases
1. The scope and utility of network analysis/forensics seen through real cases
joonkim@narusec.com
2. • Member, Korean National Police Agency Cybercrime Expert Group
• Advisor, ROK Cyber Command
• Expert, public-private joint investigation team for information and communications network intrusion incidents
• Intrusion incident analysis support and advisor, Ministry of National Defense
• CEO, NaruSecurity Co., Ltd.
• Researcher, Korea Internet & Security Agency Incident Response Center
• Researcher, PINT Lab, University of Alberta
• Winner, 2008 FIRST Security Best Practice award
• Lecturer, Hacking Defense Theory and Practice, Department of Cyber Defense, Korea University
• Translated Network Security Monitoring and two other books
Speaker introduction