SlideShare a Scribd company logo

[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon

H
hackersuli

Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon

Internet
1 of 43
Download to read offline
Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon Budapest Hackersuli Meetup 2024 Május 1 Szili Dávid
Nem, még mindig nem vettem magyar kiosztású billentyűzetet! Ezt a két slide-ot is kínszenvedés volt ékezetekkel megírni! 2 Dávid, magyarul lécci… (Diszklémer 1)
Diszklémer 2 • We are going to discuss intermediate/advanced topics! • The assumption is that you are somewhat familiar with security monitoring and/or machine learning concepts. • Originally, this was a workshop, NOT a presentation • Finally; none of this is our own research! We are just connecting dots (see refs later)! 3
ChatGPT-4/DALL-E3 prompt: This is too scary now, keep the original image, all the details, but make it look cute, and transform it into cartoon network art style, like the style of Dexter's Laboratory, or Power Puff Girls ChatGPT-4/DALL-E3 prompt: Make an epic portrait of a Terminator T-800 with red glowing eyes and a python wrapped around its neck, where the python is showing its fangs as it is about to attack. Make it dynamic, cinematic, highly detailed, packed with hidden details, style, high dynamic range, hyper-realistic, realistic, attention to detail. Diszklémer 3 4
• Managing partner at Alzette Information Security (@AlzetteInfoSec) • Network penetration testing, security architectures, security monitoring, threat hunting, incident response, digital forensics • Instructor at SANS Institute: FOR572, FOR509 • SANS Lead author: SANS DFIR NetWars • BSides Luxembourg Organizer: https://bsideslux.lu • Twitch: https://www.twitch.tv/alzetteinfosec • YouTube: https://www.youtube.com/@alzetteinfosec • Twitter (X): @DavidSzili • E-mail: david.szili@alzetteinfosec.com 5 About David
Agenda for Today Introduction to Zeek Machine Learning on Zeek Logs Snakes!  (Anaconda and Python) Zeek Broker and Machine Learning 6
Introduction to Zeek Budapest Hackersuli Meetup 2023 December 7
About Zeek What is Zeek? • Passive, open-source network traffic analyzer • Event/data-driven NIDS/NSM • Fully customizable and extensible platform for traffic analysis • Can run on commodity hardware (up to 10GbE or even 100GbE links) • Commercial offerings: Corelight Why Zeek? • Network Intrusion Detection Systems (NIDS) • Alert data only • Network Security Monitoring (NSM) • Alert data • Flow (or Session) data • Transaction data • Packet data (PCAP) • Statistical data • Correlated data 8
Zeek’s History • 1995 – Initial version by Vern Paxson • 1996 – Berkeley Lab deployment • 2003 – National Science Foundation (NSF) began supporting Bro R&D • 2010 – National Center for Supercomputing Applications (NCSA) joined the team as a core partner • 2013 – NSF renewed its support • 2014 – try.bro.org (now try.zeek.org) • 2016 – Zeek package manager • 2018 – Changing the name of the software from Bro to Zeek. • 2020 – Spicy Parser Generator 9
Zeek’s Cluster Architecture (1) • Standalone vs. cluster mode • Network Frontend: • hardware flow balancers • on-host flow balancing (PF_RING) • Manager: central log collector • Worker: traffic inspection, stream reassembly, protocol analysis • Proxy: synchronizing Zeek state • Logger (optional): receives log messages from nodes 10 Source: https://docs.zeek.org/en/master/_images/deployment.png
Zeek’s Internal Architecture • Event Engine: runs protocol analyzers, generates network events • Policy Script Interpreter: performs action/writes output 11 Source: https://docs.zeek.org/en/master/_images/architecture.png
• Zeek’s Event Engine: • Reduces the incoming packet stream into a series of higher-level events • Places events into an ordered "event queue“ • Events: • State change (new_connection, signature_match) • Protocol specific (http_response, dns_request) • Data availability (http_entity_data, file_sniff) • Etc. 12 Zeek Events
Zeek Logs (Just a Few Examples) Log File Description conn.log TCP/UDP/ICMP connections dhcp.log DHCP leases dns.log DNS activity ftp.log FTP activity http.log HTTP requests and replies rdp.log RDP smb_cmd.log SMB commands smb_files.log SMB files ssh.log SSH connections Log File Description ssl.log SSL/TLS handshake info files.log File analysis results x509.log X.509 certificate info intel.log Intelligence data matches notice.log Zeek notices signatures.log Signature matches known_hosts.log Hosts seen (TCP handshakes) software.log Software seen on the network weird.log Unexpected network activity 13 Complete list: https://docs.zeek.org/en/master/script-reference/log-files.html Details: https://docs.zeek.org/en/master/logs/index.html
Framework Description Broker Communication Framework Exchange information with other Zeek processes Cluster Framework The basic premise of Zeek clusterization Configuration Framework Allows updating script options dynamically at runtime File Analysis Framework Generalized presentation of file-related information Input Framework Allows users to import data into Zeek Intelligence Framework Consume data and make it available for matching Logging Framework Fine-grained control of what and how is logged Management Framework Provides a Zeek-based, service-oriented architecture NetControl Framework Flexible, unified interface for active response 14 Zeek Frameworks (1) Source: https://docs.zeek.org/en/master/frameworks/index.html
Framework Description NetControl Framework Flexible, unified interface for active response Notice Framework Detect potentially interesting situations and take action Packet Analysis Handles parsing of packet headers at layers Summary Statistics Framework Measuring aspects of network traffic Signature Framework Signature language for low-level pattern matching Telemetry Framework Can be used to record metrics TLS Decryption Limited support for decrypting TLS connections 15 Zeek Frameworks (2) Source: https://docs.zeek.org/en/master/frameworks/index.html
• Event-driven • Domain-specific • Turing-complete • Based on ML (LISP-like) • Basically, all Zeek output is generated by Zeek scripts! 16 Zeek Scripting Overview Source: https://docs.zeek.org/en/master/script-reference/index.html
Zeek Logs DEMO Workshop 17
Machine Learning on Zeek Logs Budapest Hackersuli Meetup 2023 December 18
• From the Stratosphere Laboratory team: • StratosphereLinuxIPS (SLIPS): https://github.com/stratosphereips/StratosphereLinuxIPS • zeek_anomaly_detector: https://github.com/stratosphereips/zeek_anomaly_detector • From the Active Countermeasures team: • Real Intelligence Threat Analytics (RITA): https://github.com/activecm/rita/ • AC-Hunter Community Edition: https://www.activecountermeasures.com/ac-hunter-community- edition/ 19 Tools to Parse and Analyze Zeek Logs
Machine Learning on Zeek Logs DEMO (1) Budapest Hackersuli Meetup 2023 December 20
Budapest Hackersuli Meetup 2023 December 21 Snakes!  (Anaconda and Python)
Anaconda, Jupyter Labs, Python • We are going to use the following tools: • Anaconda • Jupyter Lab • Python (no, not R ) • pandas • numpy • mathplotlib • scikit-learn • tensorflow 22 Source: https://twitter.com/aboutsecurity/status/1094277269751762946
• None of this is our own research! We are just connecting dots! • Largely based on David Hoelzer’s SANS “SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals” Day 2 labs: • https://www.sans.org/cyber-security-courses/applied-data-science-machine-learning/ • Go check out David Hoelzer’s YouTube channel: • https://www.youtube.com/@DHAtEnclaveForensics/videos • Also, check out David Hoelzer’s other presentations on the SANS Cyber Defense YouTube channel: • https://www.youtube.com/@SANSCyberDefense/search?query=Hoelzer • We also used Nik Alleyne’s blog post and GitHub repository: • https://www.securitynik.com/2023/10/beginning-fourier-transform-detecting.html • https://showmethepackets.com/index.php/2023/10/09/beginning-fourier-transform-detecting-beaconing- in-our-networks/ • https://github.com/SecurityNik/Data-Science-and- ML/blob/main/Beginning%20Fourrier%20Transform%20for%20Beacon%20Detection%20-%20Blog.ipynb 23 Disclaimer / Credits
(Discrete) Fourier Transform and (R)FFT 24 Sources: https://www.thefouriertransform.com/ https://en.wikipedia.org/wiki/Discrete_Fourier_transform and https://en.wikipedia.org/wiki/Fast_Fourier_transform
Machine Learning on Zeek Logs DEMO (2) Budapest Hackersuli Meetup 2023 December 25
Zeek Broker and Machine Learning Budapest Hackersuli Meetup 2023 December 26
• Broker is a library for type-rich publish/subscribe communication • It is the successor of Broccoli • It enables arbitrary applications to communicate in Zeek’s data model • Broker also offers distributed key-value stores to facilitate unified data management and persistence 27 Zeek Broker
Broker Overview • Endpoints: data senders and receivers. • Peering: to publish or receive messages an endpoint needs to peer with other endpoints. • Messages: information to send • Topics: filters for a publish or subscribe communication pattern. • Subscriptions: peers only receive messages which match one of their subscriptions. • Data stores: distributed key-value stores. 28
• Almost all functionality of Broker is also accessible through Python bindings • The Python API mostly mimics the C++ interface • Installation: • Virtual Environment (compiled Broker from source) • Binary package: $(PREFIX)/zeek/lib/zeek/python/ • Your Broker version must match your Zeek version! 29 Broker’s Python Bindings import sys sys.path.append('/opt/zeek/lib/zeek/python/')
• None of this is our own research! We are just connecting dots! • Largely based on David Hoelzer’s livestream recordings, presentations, and his SANS “SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals” Day 3 and Day 5 labs: • https://www.sans.org/cyber-security-courses/applied-data-science-machine-learning/ • Go check out David Hoelzer’s YouTube channel: • https://www.youtube.com/@DHAtEnclaveForensics/videos • We used code from these videos: • Machine Learning with Zeek and Tensorflow Part 1: https://www.youtube.com/watch?v=5w25kEMLdQk • Machine Learning with Zeek and Tensorflow - Part 2: Processing the Data: https://www.youtube.com/watch?v=8qJFnX214yE • Threat Hunting with Data Science, Machine Learning, and Artificial Intelligence: https://www.youtube.com/watch?v=fdqFdnkf9I4 • Also, check out David Hoelzer’s other presentations on the SANS Cyber Defense YouTube channel: • https://www.youtube.com/@SANSCyberDefense/search?query=Hoelzer 30 Disclaimer / Credits (1)
• We used the code from the Zeek Broker documentation: • https://docs.zeek.org/projects/broker/en/master/python.html • We also used a little Dr. Keith Jones’ “How To Easily Connect Zeek to Python” YouTube video, blog, and GitHub repository: • https://www.youtube.com/watch?v=iIYi17VqFkY • https://drkeithjones.com/index.php/2023/03/11/how-to-connect-zeek-to-python/ • https://github.com/keithjjones/zeek-python-broker-demo • Go check out Dr. Keith Jones’ YouTube channel: • https://www.youtube.com/@dr.keithjones 31 Disclaimer / Credits (2)
Zeek Broker and Python DEMO (1) Budapest Hackersuli Meetup 2023 December 32
Representing Files as Images 33
Convolutional Neural Networks 34 Source: https://saturncloud.io/blog/a-comprehensive-guide-to-convolutional-neural-networks-the-eli5-way/
Decision Tree Classifier • Non-parametric supervised learning method • Gini coefficient: represents the differences between areas • The algorithm used to build the decision tree is attempting to maximize the information gain at every decision node petal length (cm) ≤ 2.45 gini = 0.6667 samples = 150 value = [50, 50, 50] class = setosa gini = 0.0 samples = 50 value = [50, 0, 0] class = setosa True petal width (cm) ≤ 1.75 gini = 0.5 samples = 100 value = [0, 50, 50] class = versicolor False petal length (cm) ≤ 4.95 gini = 0.168 samples = 54 value = [0, 49, 5] class = versicolor petal length (cm) ≤ 4.85 gini = 0.0425 samples = 46 value = [0, 1, 45] class = virginica petal width (cm) ≤ 1.65 gini = 0.0408 samples = 48 value = [0, 47, 1] class = versicolor petal width (cm) ≤ 1.55 gini = 0.4444 samples = 6 value = [0, 2, 4] class = virginica gini = 0.0 samples = 47 value = [0, 47, 0] class = versicolor gini = 0.0 samples = 1 value = [0, 0, 1] class = virginica gini = 0.0 samples = 3 value = [0, 0, 3] class = virginica sepal length (cm) ≤ 6.95 gini = 0.4444 samples = 3 value = [0, 2, 1] class = versicolor gini = 0.0 samples = 2 value = [0, 2, 0] class = versicolor gini = 0.0 samples = 1 value = [0, 0, 1] class = virginica sepal length (cm) ≤ 5.95 gini = 0.4444 samples = 3 value = [0, 1, 2] class = virginica gini = 0.0 samples = 43 value = [0, 0, 43] class = virginica gini = 0.0 samples = 1 value = [0, 1, 0] class = versicolor gini = 0.0 samples = 2 value = [0, 0, 2] class = virginica 35 Source: https://scikit-learn.org/stable/modules/tree.html
• Decision Trees have an issue with outliers in the data. • Let’s build a forest! Each tree makes a determination, classifies that sample, and gets one vote. Whichever category has the greatest number of votes, is the final classification. 36 Random Forest Classifier Source: https://stackoverflow.com/questions/40155128/plot-trees-for-a-random-forest-in-python-with-scikit-learn
Training ML Models DEMO Budapest Hackersuli Meetup 2023 December 37
Zeek Broker and Python DEMO (2) Budapest Hackersuli Meetup 2023 December 38
Conclusion Budapest Hackersuli Meetup 2023 December 39
• Google Drive: https://drive.google.com/drive/folders/14orYiq8X0MSz 42X6kii6LaSHJB_8Bfj4?usp=sharing • Shortened: https://bit.ly/3JVy64F E-mail: david.szili@alzetteinfosec.com 40 Slides and Contact
• Google Drive: https://drive.google.com/drive/folders/1bMbuLpS9GVE _3d3bHhYeRHdIvFPNiaRw?usp=sharing • Shortened: https://bit.ly/3TIZtDk E-mail: eva.szilagyi@alzetteinfosec.com david.szili@alzetteinfosec.com 41 Workshop VM and Slides
• Zeek Documentation • https://www.zeek.org/documentation/index.html • Zeek Broker Documentation • https://docs.zeek.org/projects/broker • Install Zeek • https://docs.zeek.org/en/master/install.html • Zeek on DockerHub • https://hub.docker.com/u/zeek • Try Zeek Online • http://try.zeek.org 42 References
Questions? Budapest Hackersuli Meetup 2023 December 43

Recommended

Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
ibramax
 
BRKSEC-3144.pdf
BRKSEC-3144.pdfBRKSEC-3144.pdf
BRKSEC-3144.pdf
HaitamSouissi1
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptx
Vasiliy Fomichev
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologies
Anne Nicolas
 
What's New in Grizzly & Deploying OpenStack with Puppet
What's New in Grizzly & Deploying OpenStack with PuppetWhat's New in Grizzly & Deploying OpenStack with Puppet
What's New in Grizzly & Deploying OpenStack with Puppet
Mark Voelker
 
.NET Cloud-Native Bootcamp Minneapolis
.NET Cloud-Native Bootcamp Minneapolis.NET Cloud-Native Bootcamp Minneapolis
.NET Cloud-Native Bootcamp Minneapolis
VMware Tanzu
 
Database Firewall from Scratch
Database Firewall from ScratchDatabase Firewall from Scratch
Database Firewall from Scratch
Denis Kolegov
 

Recommended

Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
ibramax
 
BRKSEC-3144.pdf
BRKSEC-3144.pdfBRKSEC-3144.pdf
BRKSEC-3144.pdf
HaitamSouissi1
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptx
Vasiliy Fomichev
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologies
Anne Nicolas
 
What's New in Grizzly & Deploying OpenStack with Puppet
What's New in Grizzly & Deploying OpenStack with PuppetWhat's New in Grizzly & Deploying OpenStack with Puppet
What's New in Grizzly & Deploying OpenStack with Puppet
Mark Voelker
 
.NET Cloud-Native Bootcamp Minneapolis
.NET Cloud-Native Bootcamp Minneapolis.NET Cloud-Native Bootcamp Minneapolis
.NET Cloud-Native Bootcamp Minneapolis
VMware Tanzu
 
Database Firewall from Scratch
Database Firewall from ScratchDatabase Firewall from Scratch
Database Firewall from Scratch
Denis Kolegov
 
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdfZephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
AswathRangaraj1
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
Chris Sistrunk
 
OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!
Matt Tesauro
 
Enterprise guide to building a Data Mesh
Enterprise guide to building a Data MeshEnterprise guide to building a Data Mesh
Enterprise guide to building a Data Mesh
Sion Smith
 
Как разработать DBFW с нуля
Как разработать DBFW с нуляКак разработать DBFW с нуля
Как разработать DBFW с нуля
Positive Hack Days
 
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptxSANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
Databricks Meetup @ Los Angeles Apache Spark User Group
Databricks Meetup @ Los Angeles Apache Spark User GroupDatabricks Meetup @ Los Angeles Apache Spark User Group
Databricks Meetup @ Los Angeles Apache Spark User Group
Paco Nathan
 
The Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
The Enterprise Guide to Building a Data Mesh - Introducing SpecMeshThe Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
The Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
IanFurlong4
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
LinuxCon ContainerCon CloudOpen China
 
4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadhShailendra Sadh - CISSP
 
OpenTelemetry 101 FTW
OpenTelemetry 101 FTWOpenTelemetry 101 FTW
OpenTelemetry 101 FTW
NGINX, Inc.
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
ShivamSharma909
 
Feec telecom-nw-softwarization-aug-2015
Feec telecom-nw-softwarization-aug-2015Feec telecom-nw-softwarization-aug-2015
Feec telecom-nw-softwarization-aug-2015
Christian Esteve Rothenberg
 
How to over-engineer things and have fun? | Oto Brglez, OPALAB
How to over-engineer things and have fun? | Oto Brglez, OPALABHow to over-engineer things and have fun? | Oto Brglez, OPALAB
How to over-engineer things and have fun? | Oto Brglez, OPALAB
HostedbyConfluent
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
Michael Ducy
 
Securing the Container Pipeline at Salesforce by Cem Gurkok
Securing the Container Pipeline at Salesforce by Cem Gurkok Securing the Container Pipeline at Salesforce by Cem Gurkok
Securing the Container Pipeline at Salesforce by Cem Gurkok
Docker, Inc.
 
Scalable Open-Source IoT Solutions on Microsoft Azure
Scalable Open-Source IoT Solutions on Microsoft AzureScalable Open-Source IoT Solutions on Microsoft Azure
Scalable Open-Source IoT Solutions on Microsoft Azure
Maxim Ivannikov
 
Blue Teaming On A Budget
Blue Teaming On A BudgetBlue Teaming On A Budget
Blue Teaming On A Budget
KevinRiley83
 
StarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
StarlingX - A Platform for the Distributed Edge | Ildiko VancsaStarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
StarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
Vietnam Open Infrastructure User Group
 
2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
hackersuli
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
hackersuli
 

More Related Content

Similar to [Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon

Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdfZephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
AswathRangaraj1
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
Chris Sistrunk
 
OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!
Matt Tesauro
 
Enterprise guide to building a Data Mesh
Enterprise guide to building a Data MeshEnterprise guide to building a Data Mesh
Enterprise guide to building a Data Mesh
Sion Smith
 
Как разработать DBFW с нуля
Как разработать DBFW с нуляКак разработать DBFW с нуля
Как разработать DBFW с нуля
Positive Hack Days
 
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptxSANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
Databricks Meetup @ Los Angeles Apache Spark User Group
Databricks Meetup @ Los Angeles Apache Spark User GroupDatabricks Meetup @ Los Angeles Apache Spark User Group
Databricks Meetup @ Los Angeles Apache Spark User Group
Paco Nathan
 
The Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
The Enterprise Guide to Building a Data Mesh - Introducing SpecMeshThe Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
The Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
IanFurlong4
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
LinuxCon ContainerCon CloudOpen China
 
OpenTelemetry 101 FTW
OpenTelemetry 101 FTWOpenTelemetry 101 FTW
OpenTelemetry 101 FTW
NGINX, Inc.
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
ShivamSharma909
 
Feec telecom-nw-softwarization-aug-2015
Feec telecom-nw-softwarization-aug-2015Feec telecom-nw-softwarization-aug-2015
Feec telecom-nw-softwarization-aug-2015
Christian Esteve Rothenberg
 
How to over-engineer things and have fun? | Oto Brglez, OPALAB
How to over-engineer things and have fun? | Oto Brglez, OPALABHow to over-engineer things and have fun? | Oto Brglez, OPALAB
How to over-engineer things and have fun? | Oto Brglez, OPALAB
HostedbyConfluent
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
Michael Ducy
 
Securing the Container Pipeline at Salesforce by Cem Gurkok
Securing the Container Pipeline at Salesforce by Cem Gurkok Securing the Container Pipeline at Salesforce by Cem Gurkok
Securing the Container Pipeline at Salesforce by Cem Gurkok
Docker, Inc.
 
Scalable Open-Source IoT Solutions on Microsoft Azure
Scalable Open-Source IoT Solutions on Microsoft AzureScalable Open-Source IoT Solutions on Microsoft Azure
Scalable Open-Source IoT Solutions on Microsoft Azure
Maxim Ivannikov
 
Blue Teaming On A Budget
Blue Teaming On A BudgetBlue Teaming On A Budget
Blue Teaming On A Budget
KevinRiley83
 
StarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
StarlingX - A Platform for the Distributed Edge | Ildiko VancsaStarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
StarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
Vietnam Open Infrastructure User Group
 

Similar to [Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon (20)

Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdfZephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!
 
Enterprise guide to building a Data Mesh
Enterprise guide to building a Data MeshEnterprise guide to building a Data Mesh
Enterprise guide to building a Data Mesh
 
Как разработать DBFW с нуля
Как разработать DBFW с нуляКак разработать DBFW с нуля
Как разработать DBFW с нуля
 
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptxSANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
 
Databricks Meetup @ Los Angeles Apache Spark User Group
Databricks Meetup @ Los Angeles Apache Spark User GroupDatabricks Meetup @ Los Angeles Apache Spark User Group
Databricks Meetup @ Los Angeles Apache Spark User Group
 
The Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
The Enterprise Guide to Building a Data Mesh - Introducing SpecMeshThe Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
The Enterprise Guide to Building a Data Mesh - Introducing SpecMesh
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
 
4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh
 
OpenTelemetry 101 FTW
OpenTelemetry 101 FTWOpenTelemetry 101 FTW
OpenTelemetry 101 FTW
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Feec telecom-nw-softwarization-aug-2015
Feec telecom-nw-softwarization-aug-2015Feec telecom-nw-softwarization-aug-2015
Feec telecom-nw-softwarization-aug-2015
 
How to over-engineer things and have fun? | Oto Brglez, OPALAB
How to over-engineer things and have fun? | Oto Brglez, OPALABHow to over-engineer things and have fun? | Oto Brglez, OPALAB
How to over-engineer things and have fun? | Oto Brglez, OPALAB
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
 
Securing the Container Pipeline at Salesforce by Cem Gurkok
Securing the Container Pipeline at Salesforce by Cem Gurkok Securing the Container Pipeline at Salesforce by Cem Gurkok
Securing the Container Pipeline at Salesforce by Cem Gurkok
 
Scalable Open-Source IoT Solutions on Microsoft Azure
Scalable Open-Source IoT Solutions on Microsoft AzureScalable Open-Source IoT Solutions on Microsoft Azure
Scalable Open-Source IoT Solutions on Microsoft Azure
 
Blue Teaming On A Budget
Blue Teaming On A BudgetBlue Teaming On A Budget
Blue Teaming On A Budget
 
StarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
StarlingX - A Platform for the Distributed Edge | Ildiko VancsaStarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
StarlingX - A Platform for the Distributed Edge | Ildiko Vancsa
 

More from hackersuli

2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
hackersuli
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
hackersuli
 
[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain
hackersuli
 
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
hackersuli
 
[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese
hackersuli
 
Hackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekHackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknek
hackersuli
 
HUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplaneHUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplane
hackersuli
 
[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams
hackersuli
 
[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan
hackersuli
 
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
hackersuli
 
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
hackersuli
 
Hackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADHackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOAD
hackersuli
 
[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers
hackersuli
 
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
hackersuli
 
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
hackersuli
 
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
hackersuli
 
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
hackersuli
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicák
hackersuli
 
Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?
hackersuli
 
Hardware hacking 1x1 by Dnet
Hardware hacking 1x1 by DnetHardware hacking 1x1 by Dnet
Hardware hacking 1x1 by Dnet
hackersuli
 

More from hackersuli (20)

2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
 
[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain
 
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
 
[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese
 
Hackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekHackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknek
 
HUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplaneHUN Hackersuli - How to hack an airplane
HUN Hackersuli - How to hack an airplane
 
[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams
 
[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan
 
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
 
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
 
Hackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADHackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOAD
 
[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers
 
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
 
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
 
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
 
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicák
 
Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?
 
Hardware hacking 1x1 by Dnet
Hardware hacking 1x1 by DnetHardware hacking 1x1 by Dnet
Hardware hacking 1x1 by Dnet
 

Recently uploaded

1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdf
SiskaFitrianingrum
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
abhinandnam9997
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
aagad
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
Himani415946
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
TristanJasperRamos
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 

Recently uploaded (12)

1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdf
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 

[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon

  • 1. Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon Budapest Hackersuli Meetup 2024 Május 1 Szili Dávid
  • 2. Nem, még mindig nem vettem magyar kiosztású billentyűzetet! Ezt a két slide-ot is kínszenvedés volt ékezetekkel megírni! 2 Dávid, magyarul lécci… (Diszklémer 1)
  • 3. Diszklémer 2 • We are going to discuss intermediate/advanced topics! • The assumption is that you are somewhat familiar with security monitoring and/or machine learning concepts. • Originally, this was a workshop, NOT a presentation • Finally; none of this is our own research! We are just connecting dots (see refs later)! 3
  • 4. ChatGPT-4/DALL-E3 prompt: This is too scary now, keep the original image, all the details, but make it look cute, and transform it into cartoon network art style, like the style of Dexter's Laboratory, or Power Puff Girls ChatGPT-4/DALL-E3 prompt: Make an epic portrait of a Terminator T-800 with red glowing eyes and a python wrapped around its neck, where the python is showing its fangs as it is about to attack. Make it dynamic, cinematic, highly detailed, packed with hidden details, style, high dynamic range, hyper-realistic, realistic, attention to detail. Diszklémer 3 4
  • 5. • Managing partner at Alzette Information Security (@AlzetteInfoSec) • Network penetration testing, security architectures, security monitoring, threat hunting, incident response, digital forensics • Instructor at SANS Institute: FOR572, FOR509 • SANS Lead author: SANS DFIR NetWars • BSides Luxembourg Organizer: https://bsideslux.lu • Twitch: https://www.twitch.tv/alzetteinfosec • YouTube: https://www.youtube.com/@alzetteinfosec • Twitter (X): @DavidSzili • E-mail: david.szili@alzetteinfosec.com 5 About David
  • 6. Agenda for Today Introduction to Zeek Machine Learning on Zeek Logs Snakes!  (Anaconda and Python) Zeek Broker and Machine Learning 6
  • 7. Introduction to Zeek Budapest Hackersuli Meetup 2023 December 7
  • 8. About Zeek What is Zeek? • Passive, open-source network traffic analyzer • Event/data-driven NIDS/NSM • Fully customizable and extensible platform for traffic analysis • Can run on commodity hardware (up to 10GbE or even 100GbE links) • Commercial offerings: Corelight Why Zeek? • Network Intrusion Detection Systems (NIDS) • Alert data only • Network Security Monitoring (NSM) • Alert data • Flow (or Session) data • Transaction data • Packet data (PCAP) • Statistical data • Correlated data 8
  • 9. Zeek’s History • 1995 – Initial version by Vern Paxson • 1996 – Berkeley Lab deployment • 2003 – National Science Foundation (NSF) began supporting Bro R&D • 2010 – National Center for Supercomputing Applications (NCSA) joined the team as a core partner • 2013 – NSF renewed its support • 2014 – try.bro.org (now try.zeek.org) • 2016 – Zeek package manager • 2018 – Changing the name of the software from Bro to Zeek. • 2020 – Spicy Parser Generator 9
  • 10. Zeek’s Cluster Architecture (1) • Standalone vs. cluster mode • Network Frontend: • hardware flow balancers • on-host flow balancing (PF_RING) • Manager: central log collector • Worker: traffic inspection, stream reassembly, protocol analysis • Proxy: synchronizing Zeek state • Logger (optional): receives log messages from nodes 10 Source: https://docs.zeek.org/en/master/_images/deployment.png
  • 11. Zeek’s Internal Architecture • Event Engine: runs protocol analyzers, generates network events • Policy Script Interpreter: performs action/writes output 11 Source: https://docs.zeek.org/en/master/_images/architecture.png
  • 12. • Zeek’s Event Engine: • Reduces the incoming packet stream into a series of higher-level events • Places events into an ordered "event queue“ • Events: • State change (new_connection, signature_match) • Protocol specific (http_response, dns_request) • Data availability (http_entity_data, file_sniff) • Etc. 12 Zeek Events
  • 13. Zeek Logs (Just a Few Examples) Log File Description conn.log TCP/UDP/ICMP connections dhcp.log DHCP leases dns.log DNS activity ftp.log FTP activity http.log HTTP requests and replies rdp.log RDP smb_cmd.log SMB commands smb_files.log SMB files ssh.log SSH connections Log File Description ssl.log SSL/TLS handshake info files.log File analysis results x509.log X.509 certificate info intel.log Intelligence data matches notice.log Zeek notices signatures.log Signature matches known_hosts.log Hosts seen (TCP handshakes) software.log Software seen on the network weird.log Unexpected network activity 13 Complete list: https://docs.zeek.org/en/master/script-reference/log-files.html Details: https://docs.zeek.org/en/master/logs/index.html
  • 14. Framework Description Broker Communication Framework Exchange information with other Zeek processes Cluster Framework The basic premise of Zeek clusterization Configuration Framework Allows updating script options dynamically at runtime File Analysis Framework Generalized presentation of file-related information Input Framework Allows users to import data into Zeek Intelligence Framework Consume data and make it available for matching Logging Framework Fine-grained control of what and how is logged Management Framework Provides a Zeek-based, service-oriented architecture NetControl Framework Flexible, unified interface for active response 14 Zeek Frameworks (1) Source: https://docs.zeek.org/en/master/frameworks/index.html
  • 15. Framework Description NetControl Framework Flexible, unified interface for active response Notice Framework Detect potentially interesting situations and take action Packet Analysis Handles parsing of packet headers at layers Summary Statistics Framework Measuring aspects of network traffic Signature Framework Signature language for low-level pattern matching Telemetry Framework Can be used to record metrics TLS Decryption Limited support for decrypting TLS connections 15 Zeek Frameworks (2) Source: https://docs.zeek.org/en/master/frameworks/index.html
  • 16. • Event-driven • Domain-specific • Turing-complete • Based on ML (LISP-like) • Basically, all Zeek output is generated by Zeek scripts! 16 Zeek Scripting Overview Source: https://docs.zeek.org/en/master/script-reference/index.html
  • 18. Machine Learning on Zeek Logs Budapest Hackersuli Meetup 2023 December 18
  • 19. • From the Stratosphere Laboratory team: • StratosphereLinuxIPS (SLIPS): https://github.com/stratosphereips/StratosphereLinuxIPS • zeek_anomaly_detector: https://github.com/stratosphereips/zeek_anomaly_detector • From the Active Countermeasures team: • Real Intelligence Threat Analytics (RITA): https://github.com/activecm/rita/ • AC-Hunter Community Edition: https://www.activecountermeasures.com/ac-hunter-community- edition/ 19 Tools to Parse and Analyze Zeek Logs
  • 20. Machine Learning on Zeek Logs DEMO (1) Budapest Hackersuli Meetup 2023 December 20
  • 21. Budapest Hackersuli Meetup 2023 December 21 Snakes!  (Anaconda and Python)
  • 22. Anaconda, Jupyter Labs, Python • We are going to use the following tools: • Anaconda • Jupyter Lab • Python (no, not R ) • pandas • numpy • mathplotlib • scikit-learn • tensorflow 22 Source: https://twitter.com/aboutsecurity/status/1094277269751762946
  • 23. • None of this is our own research! We are just connecting dots! • Largely based on David Hoelzer’s SANS “SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals” Day 2 labs: • https://www.sans.org/cyber-security-courses/applied-data-science-machine-learning/ • Go check out David Hoelzer’s YouTube channel: • https://www.youtube.com/@DHAtEnclaveForensics/videos • Also, check out David Hoelzer’s other presentations on the SANS Cyber Defense YouTube channel: • https://www.youtube.com/@SANSCyberDefense/search?query=Hoelzer • We also used Nik Alleyne’s blog post and GitHub repository: • https://www.securitynik.com/2023/10/beginning-fourier-transform-detecting.html • https://showmethepackets.com/index.php/2023/10/09/beginning-fourier-transform-detecting-beaconing- in-our-networks/ • https://github.com/SecurityNik/Data-Science-and- ML/blob/main/Beginning%20Fourrier%20Transform%20for%20Beacon%20Detection%20-%20Blog.ipynb 23 Disclaimer / Credits
  • 24. (Discrete) Fourier Transform and (R)FFT 24 Sources: https://www.thefouriertransform.com/ https://en.wikipedia.org/wiki/Discrete_Fourier_transform and https://en.wikipedia.org/wiki/Fast_Fourier_transform
  • 25. Machine Learning on Zeek Logs DEMO (2) Budapest Hackersuli Meetup 2023 December 25
  • 26. Zeek Broker and Machine Learning Budapest Hackersuli Meetup 2023 December 26
  • 27. • Broker is a library for type-rich publish/subscribe communication • It is the successor of Broccoli • It enables arbitrary applications to communicate in Zeek’s data model • Broker also offers distributed key-value stores to facilitate unified data management and persistence 27 Zeek Broker
  • 28. Broker Overview • Endpoints: data senders and receivers. • Peering: to publish or receive messages an endpoint needs to peer with other endpoints. • Messages: information to send • Topics: filters for a publish or subscribe communication pattern. • Subscriptions: peers only receive messages which match one of their subscriptions. • Data stores: distributed key-value stores. 28
  • 29. • Almost all functionality of Broker is also accessible through Python bindings • The Python API mostly mimics the C++ interface • Installation: • Virtual Environment (compiled Broker from source) • Binary package: $(PREFIX)/zeek/lib/zeek/python/ • Your Broker version must match your Zeek version! 29 Broker’s Python Bindings import sys sys.path.append('/opt/zeek/lib/zeek/python/')
  • 30. • None of this is our own research! We are just connecting dots! • Largely based on David Hoelzer’s livestream recordings, presentations, and his SANS “SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals” Day 3 and Day 5 labs: • https://www.sans.org/cyber-security-courses/applied-data-science-machine-learning/ • Go check out David Hoelzer’s YouTube channel: • https://www.youtube.com/@DHAtEnclaveForensics/videos • We used code from these videos: • Machine Learning with Zeek and Tensorflow Part 1: https://www.youtube.com/watch?v=5w25kEMLdQk • Machine Learning with Zeek and Tensorflow - Part 2: Processing the Data: https://www.youtube.com/watch?v=8qJFnX214yE • Threat Hunting with Data Science, Machine Learning, and Artificial Intelligence: https://www.youtube.com/watch?v=fdqFdnkf9I4 • Also, check out David Hoelzer’s other presentations on the SANS Cyber Defense YouTube channel: • https://www.youtube.com/@SANSCyberDefense/search?query=Hoelzer 30 Disclaimer / Credits (1)
  • 31. • We used the code from the Zeek Broker documentation: • https://docs.zeek.org/projects/broker/en/master/python.html • We also used a little Dr. Keith Jones’ “How To Easily Connect Zeek to Python” YouTube video, blog, and GitHub repository: • https://www.youtube.com/watch?v=iIYi17VqFkY • https://drkeithjones.com/index.php/2023/03/11/how-to-connect-zeek-to-python/ • https://github.com/keithjjones/zeek-python-broker-demo • Go check out Dr. Keith Jones’ YouTube channel: • https://www.youtube.com/@dr.keithjones 31 Disclaimer / Credits (2)
  • 32. Zeek Broker and Python DEMO (1) Budapest Hackersuli Meetup 2023 December 32
  • 34. Convolutional Neural Networks 34 Source: https://saturncloud.io/blog/a-comprehensive-guide-to-convolutional-neural-networks-the-eli5-way/
  • 35. Decision Tree Classifier • Non-parametric supervised learning method • Gini coefficient: represents the differences between areas • The algorithm used to build the decision tree is attempting to maximize the information gain at every decision node petal length (cm) ≤ 2.45 gini = 0.6667 samples = 150 value = [50, 50, 50] class = setosa gini = 0.0 samples = 50 value = [50, 0, 0] class = setosa True petal width (cm) ≤ 1.75 gini = 0.5 samples = 100 value = [0, 50, 50] class = versicolor False petal length (cm) ≤ 4.95 gini = 0.168 samples = 54 value = [0, 49, 5] class = versicolor petal length (cm) ≤ 4.85 gini = 0.0425 samples = 46 value = [0, 1, 45] class = virginica petal width (cm) ≤ 1.65 gini = 0.0408 samples = 48 value = [0, 47, 1] class = versicolor petal width (cm) ≤ 1.55 gini = 0.4444 samples = 6 value = [0, 2, 4] class = virginica gini = 0.0 samples = 47 value = [0, 47, 0] class = versicolor gini = 0.0 samples = 1 value = [0, 0, 1] class = virginica gini = 0.0 samples = 3 value = [0, 0, 3] class = virginica sepal length (cm) ≤ 6.95 gini = 0.4444 samples = 3 value = [0, 2, 1] class = versicolor gini = 0.0 samples = 2 value = [0, 2, 0] class = versicolor gini = 0.0 samples = 1 value = [0, 0, 1] class = virginica sepal length (cm) ≤ 5.95 gini = 0.4444 samples = 3 value = [0, 1, 2] class = virginica gini = 0.0 samples = 43 value = [0, 0, 43] class = virginica gini = 0.0 samples = 1 value = [0, 1, 0] class = versicolor gini = 0.0 samples = 2 value = [0, 0, 2] class = virginica 35 Source: https://scikit-learn.org/stable/modules/tree.html
  • 36. • Decision Trees have an issue with outliers in the data. • Let’s build a forest! Each tree makes a determination, classifies that sample, and gets one vote. Whichever category has the greatest number of votes, is the final classification. 36 Random Forest Classifier Source: https://stackoverflow.com/questions/40155128/plot-trees-for-a-random-forest-in-python-with-scikit-learn
  • 37. Training ML Models DEMO Budapest Hackersuli Meetup 2023 December 37
  • 38. Zeek Broker and Python DEMO (2) Budapest Hackersuli Meetup 2023 December 38
  • 40. • Google Drive: https://drive.google.com/drive/folders/14orYiq8X0MSz 42X6kii6LaSHJB_8Bfj4?usp=sharing • Shortened: https://bit.ly/3JVy64F E-mail: david.szili@alzetteinfosec.com 40 Slides and Contact
  • 41. • Google Drive: https://drive.google.com/drive/folders/1bMbuLpS9GVE _3d3bHhYeRHdIvFPNiaRw?usp=sharing • Shortened: https://bit.ly/3TIZtDk E-mail: eva.szilagyi@alzetteinfosec.com david.szili@alzetteinfosec.com 41 Workshop VM and Slides
  • 42. • Zeek Documentation • https://www.zeek.org/documentation/index.html • Zeek Broker Documentation • https://docs.zeek.org/projects/broker • Install Zeek • https://docs.zeek.org/en/master/install.html • Zeek on DockerHub • https://hub.docker.com/u/zeek • Try Zeek Online • http://try.zeek.org 42 References