Today there is a dispute over the ethics of operations involving honeypots and honeynets in cyber security. However, many organizations will adopt the use of such techniques and tools to develop defensive strategies to stop attackers. For professional offensive security practitioners, detecting, bypassing, and even avoiding honeypots is a new challenge and much is to be discovered and shared. This brief will work to accomplish these objectives and begin the development of a new framework for Counter Honeypot Operations (CHOps).
Defending Against 1,000,000 Cyber Attacks by Michael Banks – EC-Council
Every time you look around, some company or government organization is spouting out some huge number of “cyber-attacks” on their network every day. By no means is it easy, but could it be that there is a little exaggeration of the actuality of the encounters? There is surely a misconception in reporting and in the understanding of the attack itself and how organizations account for them. There are “attacks” like port scanning and brute-force attempts all across the internet at all hours of the day. Spreading awareness about them will inform the public on just how “intense” these attacks are. To demonstrate this, I bought a nice attractive domain, coupled it with a honeypot, and let the fun begin.
A look at computer network defense techniques and strategies that actually work in a world of blinky light sales. Straight up defense served with a side of sarcasm.
Should I buy product $x from $vendor_y or product $y from $vendor_x? Probably neither. Come hear how you can get back to security basics to keep your organization from getting owned and discover when you are owned with a lot of tools you already have. No sales, no magic, just real world security for people that want to defend their organization.
There has been a ransomware explosion over the last 6 years, and very little has been done to stop infections aside from deprecated signature scans and classic malware scanners. Weston will go over a couple of proofs of concept that work on even the most current versions of the malware, stopping it from fully infecting machines that would otherwise be hit by malware demanding thousands of dollars in some instances. Weston will go over several methods of making your system immune to ransomware attacks, many of them discovered by actually reverse engineering the malware early this year. Weston will also go over several open source tools to test your environment's exposure to malware such as Cryptowall, and several tools, both software and hardware, that can protect your systems from malware infection, even methods of abusing the payment gateway system to allow you to get more than one file unlocked for free. Weston will also go into the research on breaking the encryption based on the outputted encrypted files.
Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, we’ll go over the different stages of a web application pen test, from start to finish. We’ll start with tools used during the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of the target's “footprint”; then automated scanners and their use; all the way to manual testing and tools used for fuzzing parameters to find potential SQL injection vulnerabilities. We’ll also discuss pro-tips and tricks that we use while conducting a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015 – Lastline, Inc.
Ransomware has been widely touted as a highly-dangerous, sophisticated and destructive breed of malware – but according to recent research into the constraints, commonalities and advancements across 15 ransomware families – most ransomware today is actually more of a blunt instrument than a surgical tool in exploit kits. While certainly even simple programs can extort innocent people who aren’t able to separate real from fake cyber threats, the vast majority of the ransomware in the wild today is not necessarily as sophisticated or scary as it’s been made out to be. The real impact on victims who don't pay is typically still both reversible and preventable.
Malware varies mostly in the visible payloads it manifests. We can see it infecting files, uninstalling antimalware applications, stealing important documents, controlling our computers remotely, and carrying out other malicious activities.
What we don’t see is how these are implemented within the malware code. Modern malware uses different techniques to protect itself from detection, analysis, and eradication. Some malware even uses layers to obfuscate the way it applies these protections. Layers in malware are defense mechanisms against deep analysis, and within these layers different malware tricks are also deployed.
In this presentation, we are going to look into Scieron and Vawtrak, two different malware families that implement layers differently. We will see video demos of how some of the malware code executes within the context of a debugger.
Finally, we are going to leverage Volatility, a memory forensic tool, to detect the presence of layers in an infected system.
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx – Chi En (Ashley) Shen
Speakers: Ashley Shen, Steve Su
This is a threat hunting and campaign tracking 101 workshop Ashley Shen (Google) and Steve (FireEye) prepared for the HITCON 2020 CTI Village. In this presentation we share the threat hunting concept with some basic techniques and explain the process and guidance for campaign tracking. The presentation was only 65 mins so we couldn't cover everything. However, through this talk we hope to share our experience and insight with beginners.
Invincea fake british airways ticket spear-phish malware 03-21-2014 – Invincea, Inc.
Invincea detects and blocks a Zeus malware spear-phish disguised as a British Airways fake ticket receipt. Information security and endpoint protection benefits from Invincea.
Capture the flag (CTF) exercises and events continue to increase in popularity providing essential training and skills development for defenders on blue teams and attackers on red teams. Jeopardy style or attack-defense CTF cyber exercises enable experienced participants and novices to work side by side on teams developing communication, time management and problem solving skills in a safe environment with ground rules and prizes for winners. Defending blue teams often dread the embarrassment of being attacked and compromised until modern deception defenses arrived. Deception defenses mimic a real environment with decoys and breadcrumbs creating an unknown mine field for attackers to detect their activity and movements giving defending blue teams a new advantage.
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0 – Invincea, Inc.
In this webinar, we will take a deep dive look at the protection capabilities offered by Microsoft EMET as an effective means of stopping exploits against the most commonly attacked endpoint applications today and compare against Invincea FreeSpace.
Corporate Espionage without the Hassle of Committing Felonies – John Bambenek
Thotcon Presentation by John Bambenek on how some security solutions are leaking sensitive data to the internet making it easy to spy on individuals and companies without breaking any laws.
InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet?
The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools; however, the Honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through, and focus efforts on correlating active threat data observed in the Honeypots with the production environment. When Honeypots are deployed effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.
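The correlation step the abstract describes, as an added example that is not code from the talk: every source address that touched the decoy becomes an indicator, production SSH logs are checked against that set, and the output is one alert per attacker rather than one per retry, which is what keeps the log volume manageable. The honeypot log format, the sshd-style production log, the hostnames and all sample lines below are constructed for the example.

```python
"""Correlate honeypot hits with production auth logs so that an attacker who
moves from the decoy to a real host raises a single, high-priority alert.
Added example; the log formats and all sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed honeypot log (format assumed: "<ISO ts> src=<ip> event=<type> ...").
HONEYPOT_LOG = """\
2024-03-01T09:12:03Z src=203.0.113.7 event=ssh_login user=root pass=123456
2024-03-01T09:12:09Z src=203.0.113.7 event=ssh_login user=admin pass=admin
2024-03-01T09:15:44Z src=198.51.100.23 event=http_get path=/.env
2024-03-01T10:02:11Z src=192.0.2.55 event=ssh_login user=pi pass=raspberry
2024-03-01T10:02:12Z src=203.0.113.7 event=ssh_login user=oracle pass=oracle
"""

# Constructed production auth log (sshd-style syslog lines; hostnames are made up).
PROD_AUTH_LOG = """\
Mar  1 09:30:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  1 09:30:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  1 09:41:17 db01 sshd[3140]: Accepted publickey for deploy from 10.0.4.12 port 40020 ssh2
Mar  1 11:05:50 bastion sshd[4001]: Accepted password for admin from 203.0.113.7 port 50211 ssh2
Mar  1 11:20:14 web02 sshd[4210]: Failed password for ubuntu from 192.0.2.99 port 33001 ssh2
"""

HP_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+)")
PROD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?P<user>\S+) from (?P<src>\S+)"
)


def honeypot_indicators(log_text):
    """Return {src_ip: first_seen} for every source that touched the decoy.
    Nothing legitimate should ever talk to the honeypot, so any hit is an indicator."""
    first_seen = {}
    for line in log_text.splitlines():
        m = HP_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        first_seen.setdefault(m["src"], ts)  # keep the earliest hit per source
    return first_seen


def correlate(hp_log, prod_log, year=2024):
    """One alert per honeypot source that also appears in production logs.
    Aggregating by source IP keeps alert volume proportional to attackers,
    not to how many passwords they tried. Syslog lines carry no year, so the
    caller supplies it."""
    indicators = honeypot_indicators(hp_log)
    hits = defaultdict(lambda: {"hosts": set(), "accepted": False, "events": 0, "first": None})
    for line in prod_log.splitlines():
        m = PROD_RE.match(line)
        if not m or m["src"] not in indicators:
            continue
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        rec = hits[m["src"]]
        rec["hosts"].add(m["host"])
        rec["events"] += 1
        rec["accepted"] |= m["result"] == "Accepted"  # a successful login escalates severity
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
    alerts = []
    for src, rec in hits.items():
        alerts.append({
            "src": src,
            "hosts": sorted(rec["hosts"]),
            "events": rec["events"],
            "severity": "critical" if rec["accepted"] else "high",
            "seconds_after_honeypot": int((rec["first"] - indicators[src]).total_seconds()),
        })
    return sorted(alerts, key=lambda a: a["src"])


if __name__ == "__main__":
    for alert in correlate(HONEYPOT_LOG, PROD_AUTH_LOG):
        print(alert)
```

In the sample data three sources hit the decoy, but only 203.0.113.7 shows up in production, and because it eventually got an accepted login on the bastion the single alert is rated critical; 192.0.2.99 is a near miss (a different address from the decoy hit 192.0.2.55) and correctly produces nothing.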
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams – Andrew Morris
Cloud hosting providers, such as Amazon AWS, Google Cloud, DigitalOcean, Microsoft Azure, and many others, have to respond to a regular barrage of abuse complaint reports from all around the world when their customers' virtual private servers are used for malicious activity. This activity can happen knowingly by the "renter" of the system or on behalf of an attacker if the server becomes infected. Although by no means the end-all, one way of measuring the trust posture of a cloud hosting provider is by analyzing the amount of time between shared hosts beginning to attack other hosts on the Internet and the activity ceasing, generally by way of forced decommissioning, quarantining, or remediation of the root cause, such as a malware infection. In this talk, we discuss using the data collected by GreyNoise, a large network of passive collector nodes, to measure the time-to-remediation of infected or malicious machines. We will discuss methodology, results, and actionable takeaways for conference attendees who use shared cloud hosting in their businesses.
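The measurement the abstract outlines, as an added example that is not GreyNoise's code or the speaker's methodology: passive-sensor sightings are collapsed into a first-seen/last-seen span per source, each source is attributed to a provider by netblock, and the span length is taken as the time-to-remediation. The provider-to-prefix map uses RFC 5737 documentation ranges standing in for hypothetical providers (not real allocations), and the sightings are constructed. One caveat the example handles: a host still scanning at the end of the observation window has not been remediated yet, and averaging it in would make its provider look faster than it is, so it is counted as censored instead.

```python
"""Estimate per-provider time-to-remediation from passive-sensor sightings.
Added example; provider netblocks (documentation ranges) and sightings are constructed."""
import ipaddress
import statistics
from datetime import datetime, timedelta

# Hypothetical providers mapped to RFC 5737 documentation prefixes (not real allocations).
PROVIDER_PREFIXES = {
    "ProviderA": [ipaddress.ip_network("192.0.2.0/24")],
    "ProviderB": [ipaddress.ip_network("198.51.100.0/24")],
    "ProviderC": [ipaddress.ip_network("203.0.113.0/24")],
}

# Constructed sightings: (timestamp, source IP) each time a sensor saw the IP scanning.
SIGHTINGS = [
    ("2024-05-01T00:00:00Z", "192.0.2.10"),
    ("2024-05-01T06:00:00Z", "192.0.2.10"),
    ("2024-05-01T12:00:00Z", "192.0.2.10"),    # goes quiet: 12 h active
    ("2024-05-01T00:00:00Z", "192.0.2.11"),
    ("2024-05-02T12:00:00Z", "192.0.2.11"),    # 36 h active
    ("2024-05-01T00:00:00Z", "198.51.100.5"),
    ("2024-05-04T00:00:00Z", "198.51.100.5"),  # 72 h active
    ("2024-05-01T00:00:00Z", "203.0.113.9"),
    ("2024-05-06T00:00:00Z", "203.0.113.9"),   # still scanning at window end: censored
    ("2024-05-03T00:00:00Z", "203.0.113.77"),
    ("2024-05-03T02:00:00Z", "203.0.113.77"),  # 2 h active
    ("2024-05-02T00:00:00Z", "10.9.9.9"),      # not in any tracked provider block
]
WINDOW_END = "2024-05-06T00:00:00Z"
QUIET_HOURS = 24  # a source must be unseen this long before window end to count as remediated


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def provider_for(ip):
    """Attribute a source IP to the hypothetical provider whose netblock contains it."""
    addr = ipaddress.ip_address(ip)
    for name, nets in PROVIDER_PREFIXES.items():
        if any(addr in net for net in nets):
            return name
    return None


def activity_spans(sightings):
    """Collapse individual sightings into {ip: (first_seen, last_seen)}."""
    spans = {}
    for ts, ip in sightings:
        t = parse_ts(ts)
        first, last = spans.get(ip, (t, t))
        spans[ip] = (min(first, t), max(last, t))
    return spans


def time_to_remediation(sightings, window_end, quiet_hours=QUIET_HOURS):
    """Per provider: hours from first to last malicious sighting for sources that
    went quiet, the median of those, and a count of sources still active at the
    window edge (right-censored; excluded from the median on purpose).
    The span is a lower bound: the host may have kept attacking targets the
    sensor network does not see."""
    end = parse_ts(window_end)
    quiet = timedelta(hours=quiet_hours)
    out = {}
    for ip, (first, last) in activity_spans(sightings).items():
        prov = provider_for(ip)
        if prov is None:
            continue  # not a tracked provider; ignore
        rec = out.setdefault(prov, {"remediated_hours": [], "censored": 0})
        if last + quiet <= end:
            rec["remediated_hours"].append((last - first).total_seconds() / 3600)
        else:
            rec["censored"] += 1
    for rec in out.values():
        hrs = rec["remediated_hours"]
        rec["median_hours"] = statistics.median(hrs) if hrs else None
    return out


if __name__ == "__main__":
    for prov, rec in sorted(time_to_remediation(SIGHTINGS, WINDOW_END).items()):
        print(prov, rec)
```

With the sample data ProviderA's two hosts give a median of 24 hours, ProviderB's single host 72 hours, and ProviderC a 2-hour median with one host flagged as censored rather than silently dropped or counted as a 120-hour remediation.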
Threat actors are increasing their use of fileless malware for one simple reason: most organizations aren't prepared to detect it. Education is the first step in determining what threat these new attacks pose and what you can do to detect and stop fileless malware attacks. Learn more at: https://www.bluvector.io
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver – EC-Council
CLOUD PROXY TECHNOLOGY [THE CHANGING LANDSCAPE OF THE NETWORK PROXY]
This class will cover the distinctions between traditional proxy technology and the emergence in recent years of cloud proxy and why it matters to organizations today. We will review real use cases and their corresponding screen shots to provide a stimulating session.
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ... – Andrew Morris
In this talk, I'll be discussing my experience developing intelligence-gathering capabilities to track several different independent groups of threat actors on a very limited budget (read: virtually no budget whatsoever). I'll discuss discovering the groups using open source intelligence gathering and honeypots, monitoring attacks, collecting and analyzing malware artifacts to figure out what their capabilities are, and reverse engineering their malware to develop the capability to track their targets in real time. Finally, I'll chat about defensive strategies and provide recommendations for enterprise security analysts and other security researchers.
Exploit kits are a critical piece of the malware delivery infrastructure, delivering banking trojans, click fraud engines and ransomware. This small talk will be designed to aid collaboration on a means to tackle these threats with a long-term goal of eventual prosecution of the actors and partners behind exploit kits and their associated malware campaigns. We will discuss the latest research into the backend infrastructure and surveillance techniques of the Nuclear, RIG and Angler exploit kits, to enable all participants to learn what others are doing to stay ahead of them.
How we do it better than IR firms. Learn what you need to know to catch everything from commoditized malware to advanced malware. Ask a Blue Team Ninja, Logoholic and Malware Archaeologist how we do it.
Using Canary Honeypots for Network Security Monitoring – chrissanders88
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
2020 11-15 marcin ludwiszewski - purple, red, blue and others - rainbow team... – Marcin Ludwiszewski
Cybersecurity - Rainbow Teaming - what are the colour teams in cybersecurity, how does purple differ from red teaming, what is a white team, and what other colours are there?
Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. In this talk we will discuss modern attacks, techniques, how to defend & respond to those threats.
2023 NCIT: Introduction to Intrusion Detection – APNIC
APNIC Senior Security Specialist Adli Wahid presents an Introduction to Intrusion Detection at the 2023 NCIT, held in Suva, Fiji from 17 to 18 August 2023.
Keynote on why you should make Infosec a board level strategic item, how you should raise it to this level and how to approach Information Security strategically
Security is now important to all of us, not just people who work at Facebook. Most developers think about security in terms of security technologies that they want to apply to their systems, and then ask how secure the system is. From a secure systems perspective, this is the wrong way around. To build a secure system, you need to start from the things that need to be protected and the threats to those resources.
In this session, Eoin dives into the fundamentals of system security to introduce the topics we need to understand in order to decide how to secure our systems.
My Keynote from BSidesTampa 2015 (video in description) – Andrew Case
These are the slides from the keynote presentation at BSidesTampa 2015. A recording of the talk can be found at: https://www.youtube.com/watch?v=751bkSD2Nn8&t=1m35s
When you work with a lot of companies scrutinizing their security, you get to see some amazing things. One of the joys of being a commercial security consultant working for big name firms, is that you get to see a lot of innovation and interesting approaches to common problems.
However, as great as this is, the discrete projects you work on are usually a small representation of the overall company. When you look at the company in its entirety, a familiar pattern of weakness begins to reveal itself. While some companies are obviously better than others, the majority of companies are actually weak in remarkably similar ways.
My work in the attacker-modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that this is what an attacker would do. They won’t just try to attack your quarterly code-reviewed main web site, or consumer mobile app. They won’t directly attack your PCI-relevant systems to get to customer credit card data. They won’t limit their attacks to those purely against your IT infrastructure. Instead – they’ll look at your entire company, and they will play dirty.
In this session, I’ll focus on the things that plague us all (well most of us), and I’ll offer some simple advice for how to try and tackle each of these areas:
– Weaknesses in Physical Security
– Susceptibility to Phishing
– Vulnerability Management Immaturity
– Weaknesses in Authentication
– Poor Network Segmentation
– Loose Data Access Control
– Terrible Host / Network Visibility
– Unwise Procurement & Security Spending Decisions
Learn how to overcome security challenges, such as: identity theft, spoofed transactions, DDoS business disruption, criminal extortion and more. You'll learn how a security strategy promotes confidence in the cloud.
With more than 50,000 new malware samples created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap for the best protection against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
SpiceWorks Webinar: Whose logs, what logs, why logs – AlienVault
Securing your environment requires an understanding of the current and evolving threat landscape as well as knowledge of network technology and system design. This session will combine lecture, demo and interactive Q/A that will highlight how to build out a security plan to defend against today’s threats. Join AlienVault for this webinar to learn:
• What network, system and host data you should be collecting for the quickest path to security visibility
• Best practices for network, perimeter and host monitoring
• Security advantages of new AlienVault Threat Alerts coming soon to SpiceWorks
Honeypots only see activity that interacts with them; they do not capture attacks directed against other existing systems.
Risk of being compromised: a honeypot may itself be used as a platform to launch further attacks.
In the end it would not be wrong to say that honeypots are good resources for tracking attackers, and that their value lies in being attacked. But because of the disadvantages listed above, honeypots cannot replace any security mechanism; they can only enhance overall security.
Similar to Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creekmore
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World – EC-Council
Learn how to find peace and happiness within you and around you amidst chaos and understanding how the mind-body-energy connection plays a crucial role in the world of Cyber. Mental health and wellness can be the difference between a Cyber professional and a criminal.
Cloud Security Architecture - a different approach – EC-Council
Whether people admit it or not, everyone is moving to the cloud and all future business will run somewhere on the internet. Moving to the cloud requires a different set of architecture and a different mindset. Data is stored, accessed and processed on different platforms and devices. Employees are working from anywhere in the world, and corporate data is no longer under company IT custody. CISOs and CIOs need to think differently and set a new Cloud Security Architecture. This session will try to draw out the main areas of concern from a security perspective while moving to the cloud.
This webinar is primarily intended for those that are in need of an informational overview on how to respond to information security incidents or have a responsibility for doing so. It will also assist with your preparation for a Computer Security Incident Handling certification.
Hacking Your Career – Hacker Halted 2019 – Keith TurpinEC-Council
HACKING YOUR CAREER
Learn how to take charge of your future and ring success out of every opportunity. I had some hard lessons on my way to becoming the CISO of a billion dollar company and now you can benefit from those experiences. In this candid conversation, you will learn the secrets to kicking your career’s ass.
HACKING DIVERSITY
We talk a lot about why diversity is important and we are all familiar with the woeful inclusion stats. In this talk we will discuss why diversity is important from both the perspective of an organization’s bottom line and the individual contributor.
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
DNS: STRATEGIES FOR REDUCING DATA LEAKAGE & PROTECTING ONLINE PRIVACY
DNS is the foundational protocol used to directly nearly all Internet traffic making the collection and analysis of DNS traffic highly valuable. This talk will examine ways in which you can effectively limit the disclosure of your online habits through securing the way your local DNS resolvers work.
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoEC-Council
THE $750 BILLION VEHICLE DATA GOLD RUSH – PIRATES AHOY!
Vehicle data may be worth $750b by 2030. Problem: vehicle security, privacy, and user awareness of risks are inadequate. Andrea Amico will share some exploits including his “CarsBlues” which exposes people’s personal data, affects 22 makes, and is still a 0-Day for tens of millions of vehicles.
BREAKING SMART [BANK] STATEMENTS
Explanation of how I find and exploit a security flaw (bad implementation of cryptography) in a bank statement, sent via email, of one of the biggest banks in Mexico.
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
ARE YOUR CLOUD SERVERS UNDER ATTACK
For this presentation, I built out a test lab in AWS and allowed someone to hack the servers. I will talk about what we saw when we opened RDP to the internet, what the hackers did once they got in, and someone trying to kick me off my own servers.
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...EC-Council
Behold the powers of behavioral alchemy! Are you ready to unleash 4 "Trojan Horses for the Mind" that will change the way you communicate forever? How about a magic wand that will help manifest secure behaviors and shape culture? Attend this session and harness the power.
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
Present your risk assessments to your board of directors in the language they understand - financial loss. "FAIR" or "Factor Analysis of Information Risk" is the quantitative risk analysis methodology that works with common frameworks while adding context for truly effective risk management.
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerEC-Council
ALEXA IS A SNITCH!
You’re not paranoid, your voice assistant is listening. And what’s worse, Alexa is stitching on you! What is she hearing? Where is she sending it? And is there anything we can do to stop her?!
Join me as we discuss the current state of security around voice assistants. And how to silence them.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
2. Intro
Jon Creekmore
Independent Security Researcher
www.LinkedIn.com/in/MrCreekmore
Executive Director – Cyber Discovery Group
www.DiscoverCyber.org
Vice President – Augusta Locksports
www.AugustaLocksports.org
3. def Jon()
• Recent vet from the DOD and CYBERCOM…
• Bunch o’ certs…
• CSRA Chapter President - ISC2
• Loves to help people, a lot…
• Lifelong learner and PhD candidate from a Cyber
Center of Excellence…
• Still no idea of what to do with NOPS...
5. CHOps Overview
• Counter Honeypot Operations (CHOps) Framework
• Designed to be a community driven open source
methodology framework to establish the best
techniques for engaging and defeating honeypots
• Also backing the push for a common methodology
in deception as a domain of security
6. Why CHOps
• As deterrence strategies evolve, so will the need to
overcome the deception controls
• CHOps is intended to be useful for red team
personnel, penetration testers, auditing teams,
and other lawful parties
• Counter-deception skills are being rapidly
developed by the real bad guys; white hats
need to come together and share information on these
skills to out-pace the threat
8. Honeypots
• Deception devices used to help prevent, deter,
detect, or mitigate the adverse effects to a system
or environment
• Commonly designed to look like real systems and
services to fool attackers
• Great source of both technical protection and also
intelligence for security personnel
9. Honeypots
• Commonly come in four categories:
• No Interaction:
Simulates an open port, but not much more
• Low Interaction:
Port with some level of working service
• Mid Interaction:
Port, service, and at least a reasonable level of function
• High Interaction:
Fully working platform which can be compromised and
operate with complex actions
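To make the interaction categories concrete, here is an added example (not code from the deck or from any honeypot project) of a low-interaction honeypot in Python: it owns one port, returns a constructed FTP-style banner, logs the first thing the client sends without ever interpreting it, and refuses the login. The banner text, the event record layout and the `probe` helper are assumptions of this example.

```python
"""
A minimal low-interaction honeypot: one port, a plausible banner, and a
record of every interaction. Nothing the client sends is executed; it is
only logged. That is the point of the low-interaction category: enough
service to draw a first command, not enough to be abused as a platform.
"""
import socket
import threading
from dataclasses import dataclass, field


@dataclass
class Honeypot:
    # Fake banner, constructed for this example; a real deployment would mimic a service in use locally.
    banner: bytes = b"220 ftp.example.internal FTP server ready\r\n"
    host: str = "127.0.0.1"
    port: int = 0                      # 0 lets the OS pick a free port
    events: list = field(default_factory=list)
    _sock: socket.socket = None
    _lock: threading.Lock = field(default_factory=threading.Lock)

    def start(self) -> int:
        """Bind, listen, and serve in a background thread. Returns the bound port."""
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, self.port))
        self._sock.listen(8)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()
        return self.port

    def _accept_loop(self):
        while True:
            try:
                conn, addr = self._sock.accept()
            except OSError:
                return                 # listener closed by stop()
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        with conn:
            self._record("connect", addr, b"")
            conn.settimeout(5)
            try:
                conn.sendall(self.banner)
                data = conn.recv(1024)  # the client's first line: logged, never interpreted
                if data:
                    self._record("input", addr, data)
                    conn.sendall(b"530 Login incorrect.\r\n")  # generic refusal, whatever was sent
            except OSError:
                pass                   # client went away or timed out; the connect event stands
            self._record("close", addr, b"")

    def _record(self, kind, addr, data):
        with self._lock:
            self.events.append({"kind": kind, "src": addr[0], "data": data})

    def stop(self):
        if self._sock:
            self._sock.close()


def probe(port, payload=b"USER admin\r\n", host="127.0.0.1"):
    """Test client (assumed helper): read the banner, send one line, collect the reply until EOF."""
    with socket.create_connection((host, port), timeout=5) as c:
        banner = c.recv(1024)
        c.sendall(payload)
        reply = b""
        while True:
            chunk = c.recv(1024)
            if not chunk:
                break
            reply += chunk
    return banner, reply


if __name__ == "__main__":
    hp = Honeypot()
    p = hp.start()
    print(probe(p))
    hp.stop()
    for ev in hp.events:
        print(ev)
```

The server records the `close` event before the connection is actually closed, so once `probe` sees end-of-file the full `connect`, `input`, `close` sequence is already in `events`; a detection-oriented deployment would ship that list to a SIEM rather than keep it in memory.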
10. The Defenders
• Security personnel who deploy and use honeypots
• They have the “high ground”
• Well versed in the environment and their intent is
pre-identified
• Anticipating attacks
11. The Defenders
• Assume they control you
• Deployment flaws
• Downstream Liability
• Likelihood of Harm x Gravity of Result / Burden to Avoid
12. The Defenders
• Some common pots:
• Honeyd
• Kippo
• Cybercop Sting
• ManTrap
• Deception Toolkit
• Tripwire
• BearTrap
• Nova
• Artillery
• Conpot
• Dionaea
• Glastopf
• KFSensor
13. The Defenders
• What a good pot must have…
• Emulated Service
• Full Service
• Logical Service Patterns
• Working Known Exploits
• Zero-Day Exploitable
14. Detection
• Some honeypots are deployed for detection
purposes to simply know when harm is near
• Most commonly no, low, and mid interaction
• Set up with common services in order to look real
• Connected to back-end SIEM, NetMon, and more
to be able to alert or at least record when
interaction has occurred
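As an added illustration of the detection use case (example code, not part of the deck), the following Python turns honeypot interaction events into one alert per source whose severity tracks how deep the interaction went: a bare connection, a login attempt, or a command inside the emulated service. The JSON field names and the sample events are constructed for this example and do not represent any named honeypot's log format.

```python
"""
Turn honeypot interaction events into SIEM-style alerts.

Any interaction with a honeypot is suspicious by definition (the system
has no legitimate users), so this does not hunt for "bad" patterns: it
records every touch, groups by source, and escalates severity with the
depth of interaction reached.
"""
import json
from dataclasses import dataclass, field

# Constructed sample events (JSON lines). Field names are an assumption of
# this example, not the log format of any particular honeypot product.
SAMPLE_EVENTS = """\
{"ts": "2024-05-01T10:00:01Z", "src": "203.0.113.7", "event": "connect", "dport": 22}
{"ts": "2024-05-01T10:00:02Z", "src": "203.0.113.7", "event": "login", "user": "root", "ok": false}
{"ts": "2024-05-01T10:00:03Z", "src": "203.0.113.7", "event": "login", "user": "root", "ok": false}
{"ts": "2024-05-01T10:00:04Z", "src": "203.0.113.7", "event": "login", "user": "admin", "ok": true}
{"ts": "2024-05-01T10:00:05Z", "src": "203.0.113.7", "event": "command", "input": "uname -a"}
{"ts": "2024-05-01T10:01:00Z", "src": "198.51.100.9", "event": "connect", "dport": 21}
this line is not JSON and must not stop the pipeline
{"ts": "2024-05-01T10:02:00Z", "src": "192.0.2.44", "event": "connect", "dport": 80}
{"ts": "2024-05-01T10:02:01Z", "src": "192.0.2.44", "event": "login", "user": "test", "ok": false}
"""

# Depth of interaction, in the spirit of the no/low/mid/high categories:
# a bare connection is the least a honeypot can see, a command the most.
LEVEL = {"connect": 1, "login": 2, "command": 3}
SEVERITY = {1: "low", 2: "medium", 3: "high"}


@dataclass
class Alert:
    src: str
    first_seen: str
    last_seen: str
    max_level: int
    counts: dict = field(default_factory=dict)


def parse_events(text: str) -> list:
    """Parse JSON lines, skipping malformed records instead of raising."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def alerts_from_events(text: str) -> list:
    """One Alert per source IP, highest severity first."""
    by_src = {}
    for ev in parse_events(text):
        src, kind, ts = ev.get("src"), ev.get("event"), ev.get("ts", "")
        if src is None or kind not in LEVEL:
            continue
        a = by_src.get(src)
        if a is None:
            a = Alert(src=src, first_seen=ts, last_seen=ts, max_level=0)
            by_src[src] = a
        a.last_seen = ts
        a.max_level = max(a.max_level, LEVEL[kind])
        a.counts[kind] = a.counts.get(kind, 0) + 1
    return sorted(by_src.values(), key=lambda a: (-a.max_level, a.src))


def severity(a: Alert) -> str:
    return SEVERITY[a.max_level]


def format_alert(a: Alert) -> str:
    """One key=value line per source that a SIEM can ingest (keys assumed for this example)."""
    return (f"honeypot-touch src={a.src} severity={severity(a)} first={a.first_seen} "
            f"last={a.last_seen} connects={a.counts.get('connect', 0)} "
            f"logins={a.counts.get('login', 0)} commands={a.counts.get('command', 0)}")


if __name__ == "__main__":
    for alert in alerts_from_events(SAMPLE_EVENTS):
        print(format_alert(alert))
```

The ranking is deliberately simple: a source that ran a command outranks one that only knocked, regardless of how many connections each made, because depth of interaction is the signal a honeypot exists to capture.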
15. Collection
• These honeypots are often mid and high level
• Can collect behaviors, inputs, activities, intent, and
much more on an attacker
• Used to support intelligence operations
• Can lend aid to developing advanced protection
controls and aid in attribution
16. Active Defense
• The practice of developing response actions to an
attacker in order to protect the assets and to acquire
evidence
• Very ethically concerning at times due to rights
• Can also lead to excessive compromise and collateral
damage
• Requires a great amount of skill/resources to effectively
deploy
17. Counter-Intel
• The art of controlling, manipulating, and
presenting information to mislead or falsify
information to an adversary
• Used in an advanced strategy to provide an
additional layer of protection to the mission
• Requires constant evolution and refinement to
work best and with confidence
18. Deception Methodology
First, the kill chain…
• Recon
• Weaponization
• Delivery
• Exploitation
• Infiltration
• Command and Control (C2)
• Actions and Objectives
19. Deception Methodology
First, the kill chain…
• Delivery and Exploitation are where honeypots are
most utilized
• Knowing this framework can give an advantage to
the defense in anticipating the actions of attackers
20. Deception Methodology
What they believe:
• Attacker has the advantage
• Attacker has flexibility, is agile
• Need to focus on the attacker, not the attack
• We know where the attacker can be
• Honeypots are not just tech, but a methodology
• Dynamic Defense is maneuverable
• Deception Oriented Architecture is Key
22. Deception Methodology
Some of what they will be doing:
• Attractive Naming
• Inaccessibility on the LAN
• Stealthy Layered Logging
• Cryptic Logging
• Network Sniffing
• Baselining
• It is economic!
23. Rules of Engagement
• DEFENDERS NORMALLY HAVE SOME KIND OF ROE
• Knowing this can greatly aid in counter-deception
efforts and CHOps
• Many organizations follow ROE guidance from
laws/regs/policies/etc.
24. Init RedTeam()
• The Red Team is an authorized, ethical, and legal
party providing offensive security services to help
improve security operations
• There are a great many healthy offsec skills, tools,
services, and more out there today
• Access to effective counter-deception solutions is
limited and they are often expensive to develop
25. Evaluating Success
• As a framework, there need to be clear
milestones for success and evaluation
• It is okay to assume that some degree of
compromise for a red team will occur
• The end goal of a counter-deception campaign is
to prove that there is room to more effectively
conduct deception efforts, in this case…
Honeypot Operations ;-)
26. Owning the Chain
• Breaking it down a bit more, CHOps can also use
the kill chain to develop, supervise, and
evaluate, which is pretty neat!
• Developing great honeypots is an art, and so is
overcoming them; it is not all technical flaws in the
solutions, think about the behavior of the people
• Defense knows prevention is ideal, but
detection is a must today; get in and leave with
more than they realize you came for…
27. Owning the Chain
• Understanding the deception chain is key to
developing effective counter-deception strategies
and building out the CHOps Framework
• Gadi Evron demonstrated this at Honeynet2014
very well and framed what the metrics and factors
are surrounding attacks in an environment
• Similar to the OSI, but focused more on the next
layer of security: deception
28. Owning the Chain
• Deception Chain OSI (Evron, 2014)
Attack stages (columns): Penetration | Lateral Movement | Command and Control | Actions on Objective | Data Exfiltration | Covering Tracks | Intelligence
OSI model layers (rows): Data, Application, Host, Domain, Network, Physical
29. Brute Force on FTP
• Deception Chain OSI (Evron, 2014)
Attack stages (columns): Penetration | Lateral Movement | Command and Control | Actions on Objective | Data Exfiltration | Covering Tracks | Intelligence
Layers touched in the scenario (marks as shown on the slide, per layer):
Data: (none)
Application: x x x
Host: x x x
Domain: ? ?
Network: x x
Physical: (none)
30. Owning the Chain
• Scenario Example:
• A pen tester has discovered an FTP server in the
environment.
• He decides to run a brute-force tool to
attempt to penetrate the service and host.
• After success, he enumerates a list of files, retrieves two
of them, and uploads one file named evil.php for later
testing through the web app service on the box
31. Counter-Deception
• Defense assumes that attackers will have modeled
behavior patterns which provide precursors to their
intention and courses of action in the network, let them
think they are right
• Like attackers, defenders also have a great deal of
known common modeled behaviors, we know they are
logging, watching, manipulating, but the key is simply
cost/effectiveness
• Target their Total Cost of Ownership (TCO) and work
just over it, or look at where the “tipping point” in their
procedures might be…
32. Counter-Deception
• Now let’s look at the scenario from the CHOps
point-of-view…
• The attacker did brute force the FTP service
• He knew this was going to be logged, and that there are
often log-file-based local attacks, so he crafted a word list
for his tool which also creates suspicious payload-like entries,
deceiving the defenders and redirecting their attention away
from the evil.php
• Or, he knew defenders often use the words tried as
passwords in brute-force attempts to develop word lists
for defense, so the attacker used specially encoded
passwords which some tools have trouble parsing
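Both tricks on this slide rely on the defender's tooling trusting attacker-supplied strings. The following Python, added here and not part of the deck, shows the defensive side: a parser for brute-force attempt records that reverses the honeypot's escaping, tags fields carrying terminal escapes, raw newlines, invalid UTF-8 or oversized data, and keeps only untagged passwords when building a defender's wordlist. The log format, its escaping convention and the sample lines are constructed for this example.

```python
"""
Robust parsing of brute-force attempts recorded by a honeypot.

Credentials an attacker submits are attacker-controlled input. Piped
untreated into a terminal, a dashboard, or a wordlist builder, escape
sequences, raw newlines, invalid UTF-8 and oversized fields can hide
entries, forge entries, or crash the tool. This parser decodes each
field defensively and tags what it found.
"""
import re
from dataclasses import dataclass, field

MAX_FIELD = 256  # longest credential kept; longer fields are truncated and tagged

# Constructed log format (not a real honeypot's): attacker bytes sit inside
# double quotes, with backslash, double quote and bytes outside 0x20-0x7e
# written as \\, \" and \xNN respectively.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) ftp-honeypot: auth-fail src=(?P<src>\S+) '
    r'user="(?P<user>(?:[^"\\]|\\.)*)" pass="(?P<pw>(?:[^"\\]|\\.)*)"$'
)

SAMPLE_LOG = "\n".join([
    # ordinary attempt
    '2024-05-01T10:00:01Z ftp-honeypot: auth-fail src=203.0.113.7 user="admin" pass="admin123"',
    # terminal escape in the username (would clear the line when shown raw on a terminal)
    r'2024-05-01T10:00:02Z ftp-honeypot: auth-fail src=203.0.113.7 user="root\x1b[2K" pass="toor"',
    # invalid UTF-8 in the password: 0xC3 must be followed by a continuation byte
    r'2024-05-01T10:00:03Z ftp-honeypot: auth-fail src=203.0.113.7 user="ftp" pass="p\xc3\x28ss"',
    # newline smuggled into the password to forge a second, innocent-looking record
    r'2024-05-01T10:00:04Z ftp-honeypot: auth-fail src=203.0.113.7 user="guest" pass="g\x0a2024-05-01T10:00:05Z ftp-honeypot: auth-fail src=10.0.0.1 user=\"bob\" pass=\"x\""',
    # oversized password
    '2024-05-01T10:00:06Z ftp-honeypot: auth-fail src=198.51.100.9 user="anonymous" pass="' + "A" * 600 + '"',
    # a line that is not in the expected format at all
    'this is not a log line',
])


def unescape(text: str) -> bytes:
    """Reverse the honeypot's escaping, yielding the attacker's raw bytes."""
    out = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            if nxt == "x" and i + 3 < len(text):
                try:
                    out.append(int(text[i + 2:i + 4], 16))
                    i += 4
                    continue
                except ValueError:
                    pass               # not a valid \xNN: keep the backslash literally
            elif nxt in ('\\', '"'):
                out.append(ord(nxt))
                i += 2
                continue
        out.extend(ch.encode("utf-8"))
        i += 1
    return bytes(out)


@dataclass
class Credential:
    value: str
    flags: list = field(default_factory=list)


def clean_field(raw: bytes) -> Credential:
    """Bound, decode and render a field so that it is safe to display and to reuse."""
    flags = []
    if len(raw) > MAX_FIELD:
        flags.append("oversize")
        raw = raw[:MAX_FIELD]
    if b"\n" in raw or b"\r" in raw:
        flags.append("log-injection")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        flags.append("invalid-utf8")
        text = raw.decode("utf-8", errors="replace")
    out = []
    for ch in text:
        if ch.isprintable():
            out.append(ch)
        else:                          # make control characters visible instead of active
            if "control-chars" not in flags:
                flags.append("control-chars")
            code = ord(ch)
            out.append(f"\\x{code:02x}" if code < 0x100 else f"\\u{code:04x}")
    return Credential("".join(out), flags)


def parse_auth_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                   # unparseable line: skip, never crash the pipeline
        user = clean_field(unescape(m.group("user")))
        pw = clean_field(unescape(m.group("pw")))
        records.append({"ts": m.group("ts"), "src": m.group("src"),
                        "user": user.value, "pass": pw.value,
                        "flags": sorted(set(user.flags + pw.flags))})
    return records


def defensive_wordlist(records) -> list:
    """Passwords fit for a defender's wordlist: untagged entries only, in order, deduplicated."""
    seen = []
    for r in records:
        if not r["flags"] and r["pass"] not in seen:
            seen.append(r["pass"])
    return seen


if __name__ == "__main__":
    for rec in parse_auth_log(SAMPLE_LOG):
        print(rec)
    print(defensive_wordlist(parse_auth_log(SAMPLE_LOG)))
```

Tagged records are not discarded: they are often the most interesting ones for the analyst, which is the opposite of what the polluted-log trick intends, so keep them in the alert stream but out of anything that is re-used as trusted input.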
33. Import CHOps.WIN
• At the core, CHOps is (as of the current version) a
framework which guides offsec professionals
step-by-step, piece-by-piece, toward a better ROI
when engaging with honeypots
• It is essentially designed to be a decision model,
but will also extend to be a multi-faceted tool to
help build intel on defensive deception capabilities
34. Import CHOps.WIN
We have some things we know:
Detect – Deny – Disrupt – Degrade – Destroy
(JP 3-13, Joint Doctrine for Information Ops)
These are the objectives of the defense.
By using our own intel and recon we can predict and
possibly even defeat the defense.
35. Import CHOps.WIN
Start here…
• Detect:
• Single to Few Ports, Connection Based, Easy Access
• Deny:
• Excessive Ports, No Banners, RST Packets
• Disrupt:
• Broken File Transfers, Locked Down Files, Restricted
Commands
• Degrade:
• False Banners, Erroneous Error Codes, Broken Configs
• Destroy:
• IP Bans, File Encryptions, Account Revocation
36. Import CHOps.WIN
Once the deception objectives are determined, we can
now develop an effective counter-deception…
Scenario:
A pen tester has been contracted for a company to black
box test its main office. After a little OSINT, the attacker
knows the company has some DNS records to some web
servers. She sees that there are two web servers for the
company and scans both. After several route scans, she
notices that one web server has not returned the same
routing scheme once and the last few hops seem to keep
rotating similar IP addresses, but the last address is the
same…
37. Import CHOps.WIN
Some possible options…
1. The defense has setup a honeypot that switches up
routing schemes based on certain scan attempts and
the defense is attempting to degrade the reliability of
the intel gathered from the honeypot web server
2. The defense has setup a honeypot routing device which
load balances certain traffic based on indicators which
send possibly malicious traffic through an appliance
3. 3.14159265359… possibilities, but that’s the point ;-)
38. Import CHOps.WIN
Some CHOps Techniques
• Default Response Identification
• Application Error Handling
• OS Fingerprinting
• TCP Sequence Analysis (see also Red Pill)
• ARP Addresses
• Much more…
40. Summary
• CHOps is still in early development
• There is a need to come together and share not only
the data on honeypot engagements, but also to
develop metrics to help effectively identify, detect,
assess, and overcome honeypot technologies to
accomplish better offsec services
• Many professionals keep their effective counter-
deception techniques and strategies to themselves, but
by information sharing, the good guys can make leaps
ahead of the bad guys and grow the field
41. References
• Evron, G. (2014). #Honeynet2014 - Gadi Evron - Cyber Counter Intelligence: An attacker-based approach.
• Martin, W. (2001, May 25). Honey Pots and Honey Nets - Security Through Deception.
• Meer, H., & Slaviero, M. (2015). Bring Back the Honeypots. Retrieved from https://www.youtube.com/watch?v=W7U2u-qLAB8
• Rowe, N. C., Custy, E. J., & Duong, B. T. (2007). Defending Cyberspace with Fake Honeypots. JCP, 2(2). doi:10.4304/jcp.2.2.25-36
• Sochor, T. (2016). Low-Interaction Honeypots and High-Interaction Honeypots. Internet Threat Detection Using Honeypots, 1172-2183. doi:10.4018/978-1-4666-9597-9.les2
• Spitzner, L. (2003, December). Honeypots: Catching the Insider Threat.
• Sysman, D., Evron, G., & Sher, I. (2015). Breaking Honeypots For Fun And Profit.