welcomes you to HACKTOBERFEST!!
What is Hacktoberfest??
Hacktoberfest is an annual, month-long celebration of open-source software development, held every October, which encourages developers of all skill levels to contribute to open-source projects hosted on GitHub and GitLab.
then what's Open Source??
Open source refers to a software development model where the source code is made publicly available for anyone to use, modify, and distribute. Open source projects are often developed collaboratively by a community of developers and contributors. The idea behind open source is to promote transparency, collaboration, and continuous improvement.
WHY Open Source??
- Real-World Experience: Open-source contributions let students apply classroom knowledge to real-world projects, gaining practical coding and problem-solving skills.
- Increases Legitimacy: Your work is publicly visible on platforms like GitHub, providing proof of your coding skills and commitment, boosting credibility with recruiters.
- Networking: Collaborating on projects connects you with industry professionals and other developers, opening doors to mentorship and job opportunities.
- Strong Portfolio: Contributions show real project experience, enhancing your portfolio and making you stand out for internships and jobs.
BUT BRO, HOW DO I START??? HOW DO I USE GIT???
Best Way? Cheat Sheet. (check this out)
Time to get our hands dirty!!
LET'S INSTALL GIT
(I mean, we asked you to do it already) (angry 😾)
Which of the following is a popular open-source web browser?
A) Safari
B) Internet Explorer
C) Mozilla Firefox
D) Google Chrome
Which open-source office suite is considered an alternative to Microsoft Office?
A) LibreOffice
B) Google Docs
C) Apple iWork
D) WPS Office
Who is considered the creator of Linux?
What version control system is commonly used in open source development?
MERN STACK??
Git and Node js Installation
Node js?
- Javascript Runtime
- What does it actually change in development
- NPM contains over 1.5 million packages
- Cross Platform?
HTML, CSS, JS and now WHAT?
REACT
- Facebook, 2013
- Component based Javascript library
- Simplicity in its component based structure (JSX)
- Community help
- Various frontend issues on big orgs
React in OS:
Sample Contribution ;)
Steps
1- Fork the following repository
2- Clone it using git: git clone <repoLink>
3- Follow along (installing packages, running the code and doing some changes)
4- git status
5- git add <directory>
6- git commit -m "my first commit"
7- git push origin main
8- Follow along
FAQs
OSINT????
What is OSINT (Open Source Intelligence) (^.^)
OSINT refers to collecting and analyzing publicly available data from open sources.
It isn't a modern technique: World War II
Open sources: Person, Company, Organisation, Social media
Most Popular Tool For Accessing OSINT: Google Dorking
Resource: OSINT Framework
- Respect privacy laws
- Avoid malicious uses
- Ensure OSINT is conducted within legal boundaries
A Cyber Security Analyst
Importance of OSINT in Cyber Security
- Early Threat Detection
- Vulnerability Assessment
- Threat Intelligence Sharing
- Tracking and Monitoring Cybercriminals
What does a cyber security analyst do with OSINT
- Threat Hunting and Early Detection
- Incident Investigation
- Cybersecurity Awareness and Reporting
And many more…
On Campus • Bennett University
GROW with GOOGLE: Grow, Learn, Connect TOGETHER
Nilay Gupta, GDG on Campus Organiser/Lead
Welcome Everyone!
In this talk: What did we just do? How to OSS your way?? GSoC, Honeynet's IntelOwl, some more on GSoC :P
fork->clone->install->run->
1. Ask the right questions (literally!!)
Bad questions:
These questions won't get you too far in online communities.
(Rule of thumb: Try to not be lazy and do your research!)
- "Bro, bro, I've done a little C++, how do I do GSoC?" → Truly answering this requires research
- "What is open source/gsoc?" → Easy to google
- "Bro, will you make a roadmap for us?" → Easy to google
- "installing and setting up arch isn't even that tough. Why the ego?" → too brave
Good questions:
(Rule of thumb: Always google your questions first and try being specific.)
- "Hey, my opensearch instance isn't working. It is giving xyz error that I think is because of abc" → Precise
- "I know this should be obvious but it isn't, where does a smart contract run its code? I am not sure about this because I can't believe that it runs the same code everywhere. That's inefficient!" → The answer to it is actually pretty interesting.
- "How do computers even generate random numbers? I know it has something to do with seeding but how do kernels even come up with the seeds?" → At least shows that you tried.
2. How do you get 'good enough'?
(that's the neat part, you don't :P)
3. How to get into FOSS?
Basic guidelines
- Find a project you like (algora.io, up-for-grabs.net, reddit, friends, GSoC projects etc)
- If you're new to either the tech stack or the project, finding an issue with the tag "Good first issue" might be useful!
- Speak to maintainers and ask them for help to set it up
And get gud :)
4. Some cool programs :)
(which you've been waiting for)
Remember, these are supposed to be entry level :)
Google Summer of Code: Students work with mentors from participating organizations, gaining practical coding experience while enhancing their resumes.
LFX Mentorship: LFX Mentorship, part of the Linux Foundation, offers a structured mentorship platform for students and early-career professionals.
Hacktoberfest: Hacktoberfest is an annual event that encourages students and developers to contribute to open source projects by submitting pull requests on GitHub in return for merch (stopped from this year) :)
DO NOT JUST EDIT A README FILE!!!!
IntelOwl Project
Making the life of cyber security analysts easier
Say "hi" to the team :)
Matteo Lodi (@matte_lodi, mlodic) and Simone Berni (@0ssig3no, 0ssigeno), Threat Intelligence Team
Enjoying myself in the Cyber Security field!
I have the best colleagues ever!
I'll never stop learning!
We are like superheroes!
This is my dream job!
Unveil the reality
Cyber security analysts are:
● understaffed
● overworked
● working 24/7
● without work-life balance
● used as scapegoats
● do a lot of manual work
ref: Bitlyft, DarkReading, AECS
Automate, automate, automate
2017:
● Working in a little team of cyber security analysts
● Overwhelmed by security alerts
● Stuck in repetitive and boring tasks
● Burnt-out myself
We needed to start to automate our most
The bottleneck: acquisition of threat intelligence context
(diagram: a suspicious domain such as www.suspicious.domain.com, or a suspicious file, reaches an analyst, who queries one source after another; with a "Magic Security Tool" the analyst gets the same context from a single button click or a single API request)
We were looking for a tool
Our requirements were:
● Automated extraction of threat intelligence data from different sources
● Full-featured Web Application with user-friendly interface
● Client library for easy integrations with other security tools
● High possibility of customization to allow different use cases
● High level of scalability and speed
● Open source
● Written with the most recent technologies
● Well maintained and updated
IntelOwl was born
Born in Certego at the start of 2020, it is a great example of a successful Open Source project: right now it is one of the most popular Threat Intel projects on GitHub (>3k stars).
IntelOwl provides data enrichment of threat intel artifacts (IP, Domain, URL, files, PCAP, hash, etc).
IntelOwl solution
(diagram: without IntelOwl, a suspicious domain such as www.suspicious.domain.com, or a suspicious file, is handled by the analyst querying each source in turn; with IntelOwl, a single button click or a single API request fans the artifact out to the analyzers and the combined result comes back to the analyst)
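The "single API request" the slide describes, as an added Python illustration rather than IntelOwl's own code: classify the artifact (IP, domain, URL or hash), fan it out to every analyzer that accepts that kind, and merge the answers into one report, with one stubbed source timing out to show that a dead upstream does not sink the job. The analyzers, the bad-reputation set and the hash value are constructed placeholders.

```python
"""Enrichment fan-out in the style the slides describe: one artifact in,
every applicable source queried at once, one merged report for the analyst.
Added illustration only: not IntelOwl's code. The analyzers are constructed
stubs standing in for services such as VirusTotal or AbuseIPDB."""
import ipaddress
import re
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

# Constructed sample data for the stub sources below (not real indicators).
BAD_REPUTATION = {"www.suspicious.domain.com", "203.0.113.7"}
BAD_HASHES = {"0123456789abcdef0123456789abcdef"}

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)

def classify(observable: str) -> str:
    """Return 'url', 'ip', 'hash', 'domain' or 'unknown' for a raw artifact string.
    Order matters: a URL is checked before a domain, an IP before a hash."""
    value = observable.strip()
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", value):
        return "url"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if len(value) in HASH_LENGTHS and re.fullmatch(r"[0-9a-fA-F]+", value):
        return "hash"
    if DOMAIN_RE.match(value):
        return "domain"
    return "unknown"

@dataclass
class AnalyzerResult:
    analyzer: str
    status: str                     # "success" or "failed"
    report: dict = field(default_factory=dict)
    error: str = ""

def stub_reputation(observable: str, kind: str) -> dict:
    """Stand-in for a reputation service that knows IPs, domains and URLs."""
    hit = observable in BAD_REPUTATION
    return {"malicious": hit, "score": 90 if hit else 0}

def stub_hash_lookup(observable: str, kind: str) -> dict:
    """Stand-in for a file-reputation service that only accepts hashes."""
    return {"malicious": observable in BAD_HASHES}

def stub_flaky(observable: str, kind: str) -> dict:
    """Stand-in for a source that is down: the job must still complete."""
    raise TimeoutError("upstream did not answer in time")

# (name, observable kinds the source accepts, callable)
ANALYZERS = [
    ("reputation_db", {"ip", "domain", "url"}, stub_reputation),
    ("hash_lookup", {"hash"}, stub_hash_lookup),
    ("flaky_source", {"ip", "domain", "url", "hash"}, stub_flaky),
]

def run_analyzer(name, func, observable, kind) -> AnalyzerResult:
    try:
        return AnalyzerResult(name, "success", func(observable, kind))
    except Exception as exc:  # one failing source must not sink the whole job
        return AnalyzerResult(name, "failed", error=f"{type(exc).__name__}: {exc}")

def enrich(observable: str) -> dict:
    """The 'single API request': classify, fan out to every applicable analyzer
    in parallel, and merge the answers into one report."""
    kind = classify(observable)
    if kind == "unknown":
        raise ValueError(f"unsupported observable: {observable!r}")
    applicable = [(name, func) for name, kinds, func in ANALYZERS if kind in kinds]
    with ThreadPoolExecutor(max_workers=max(1, len(applicable))) as pool:
        results = list(
            pool.map(lambda a: run_analyzer(a[0], a[1], observable, kind), applicable)
        )
    flagged = [r.analyzer for r in results if r.status == "success" and r.report.get("malicious")]
    failed = [r.analyzer for r in results if r.status == "failed"]
    return {
        "observable": observable,
        "classification": kind,
        "results": {r.analyzer: r for r in results},
        "flagged_by": flagged,
        "failed": failed,
        # Any single positive source escalates; a real platform would weight sources.
        "verdict": "malicious" if flagged else "clean",
    }

if __name__ == "__main__":
    for artifact in ("www.suspicious.domain.com", "198.51.100.5"):
        print(enrich(artifact)["verdict"], "<-", artifact)
```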
IntelOwl Repository & Tech Stack
The most common (and open source) technologies and frameworks are used and we keep them constantly updated:
● Docker
● Python3
● ReactJS
● Django ecosystem
● Celery
● PostgreSQL
● ElasticSearch
● Nginx
● Uwsgi
● Daphne
● RabbitMQ/SQS/Redis
IntelOwl: How to use the platform
IntelOwl: Phishing verification
Thank you for listening!
intelowlproject/IntelOwl
This presentation was reviewed and built together with our awesome team: Daniele Rosetti, Pier Giorgio Bergonzi and Martina Carella.
The icons were collected from: FlatIcon
Memes were generated with Imgflip
@intel_owl
Happy?
What's in a name ;)
- Google Developers Groups On Campus Organiser by Google
- Google Summer of Code 2024 at Honeynet with over 30,000 lines of code
- Smart Bu Hackathon #4, 2023
- 9 CGPA :P
- Founded a tech community in high school
- Fullstack, DevOps and Cloud [Java, Js, Ts, Go, Py, C++]
- Organised and hosted 20+ on campus events with my team <3
- Reached over 10,000 students in the last 3 years
- BLAH, BLAH, BLAH ->
THANKS FOR JOINING!!
KEEP CONTRIBUTING!!!

Hacktoberfest'24 _ GDG on Campus BU.pptx


Editor's Notes

  • #63 Before starting, just 2 quick words about us. We are from Italy and we work at Certego, which provides security services. We are part of the Threat Intelligence Team where we develop and maintain security applications that help our Incident Response Team to collect the information they need during their everyday job.
  • #64 Great! I would like to start the presentation with a short story. In the slide you can see a photo of myself. 7 years ago. At the Christmas party of the company. I have just started my first job as a cyber security analyst and everything is great. (pause) We are just a few guys in a cool startup but there’s a young environment and the colleagues are funny and supportive. (pause) It’s really awesome to work with them. (pause) Plus I have the chance to learn something new every day. Cyber threats panorama changes so often and we have to study and find a new solution for every new threat that we face. This is really awesome! Another thing that makes me excited about this job is that this is an ethical job. And I have finally the chance to be a superhero too. I am one of the good guys. We’ll destroy the evil. Really…wow…I said to myself: you have landed your dream job! Nothing can be better than this. Finally all the hours spent to study computer science, networking protocols, cryptography, web application attacks, software engineering…that has been really worth it…
  • #65 Great! Let’s start the presentation with a short story. This is me. In 2017. At the Christmas party of the company. I have just started my first job as a cyber security analyst and everything is great. (pause) We are just a few guys in a cool startup but there’s a young environment and the colleagues are funny and supportive. (pause) It’s really awesome to work with them. (pause) Plus I have the chance to learn something new every day. Cyber threats panorama changes so often and we have to study and find a new solution for every new threat that we face. This is really awesome! Another thing that makes me excited about this job is that this is an ethical job. And I have finally the chance to be a superhero too. I am one of the good guys. We’ll destroy the evil. Really…wow…I said to myself: you have landed your dream job! Nothing can be better than this. Finally all the hours spent to study computer science, networking protocols, cryptography, web application attacks, software engineering…that has been really worth it…
  • #66 Great! Let’s start the presentation with a short story. This is me. In 2017. At the Christmas party of the company. I have just started my first job as a cyber security analyst and everything is great. (pause) We are just a few guys in a cool startup but there’s a young environment and the colleagues are funny and supportive. (pause) It’s really awesome to work with them. (pause) Plus I have the chance to learn something new every day. Cyber threats panorama changes so often and we have to study and find a new solution for every new threat that we face. This is really awesome! Another thing that makes me excited about this job is that this is an ethical job. And I have finally the chance to be a superhero. I am one of the good guys. We’ll destroy the evil. We are gonna defeat them. Really…wow…I said to myself: you have landed your dream job! Nothing can be better than this. Finally all the hours spent to study computer science, networking protocols, cryptography, web application attacks, software engineering…that has been really worth it…
  • #68 Great! Let’s start the presentation with a short story. This is me. In 2017. At the Christmas party of the company. I have just started my first job as a cyber security analyst and everything is great. (pause) We are just a few guys in a cool startup but there’s a young environment and the colleagues are funny and supportive. (pause) It’s really awesome to work with them. (pause) Plus I have the chance to learn something new every day. Cyber threats panorama changes so often and we have to study and find a new solution for every new threat that we face. This is really awesome! Another thing that makes me excited about this job is that this is an ethical job. And I have finally the chance to be a superhero too. I am one of the good guys. We’ll destroy the evil. Really…wow…I said to myself: you have landed your dream job! Nothing can be better than this. Finally all the years and hours spent in studying computer science and maybe boring stuff like networking protocols, cryptography and so on…that has been really worth it…
  • #69 However…at that time I didn’t know that the reality could be very different: The so-desired happiness of analysts like me…is often stolen by a hideous threat known as the burnout condition.
  • #70 Yes, this is a serious problem in cyber security. In fact, there are more and more reports of psychological problems for people working in this field. There are statistics that say that more than 50% have experienced extreme stress. That’s a huge number. Which are the reasons? There is an incredible skill shortage in this field….companies fight each other to hire the few available analysts in the market. So cyber security teams are usually understaffed and so, as a consequence, they work more than usual. Also, cyber security attacks never stop, so analysts are often called at work during nights or during weekends. That can impact their work-life balance. And we don’t stop here! It is enough to miss a single security alert or to make a little mistake in the configuration of a security system to open the ports of your infrastructure to the enemies. This can be really stressful because you can never lose the focus. On top of that, most of the time analysts do not have the right tools to do their jobs and are often stuck to manual approaches. under budget - open source
  • #71 That was the reality of my personal situation in 2017. We were skilled guys but we were a few so we were overwhelmed by security alerts. Plus we were stuck in repeating the same boring and annoying tasks that could have been easily automated. At one point I reached the limit and I felt completely exhausted.
  • #72 That was the reality of my personal situation in 2017. We were a skilled group of guys but we were just a few so we were completely overwhelmed by the huge number of security alerts. Plus we were stuck in repeating the same boring and annoying tasks every day. At one point I reached the limit and I felt completely exhausted. However it was very clear to us what we needed to start to do to improve the quality of our jobs: we needed to start to automate our most common workflow. Contrast the cool stuff with the boring, tedious and manual work; there is nothing to automate this stuff; opening part enthusiasm and all, then the down part, and then the better part; the problem is not the job itself, it is the lack of tools -> this slide focuses on this
  • #73 We started looking for the bottleneck of our manual work and we found out what it was: it was the acquisition of threat intelligence data. This information is extremely important because it helps the analysts to triage security alerts faster, to reduce time of investigations, and to be more accurate in detecting the threats. In the slide you can see the description of the problem. During their investigations, cyber security analysts often find suspicious digital artifacts that need to be analyzed, like domains or files.
  • #74 They need to have the right information to make the right decisions: to do that, they have to rely on several different tools and services because a single one could not have the answer that they need…or their info could be wrong or, again, simply their info could not be enough to transform the data into ability to act. In the slide I show some of the most famous tools used by cyber security analysts: VirusTotal, which provides file reputation, AbuseIPDB which provides IP address reputation, MISP, a threat intel platform which I guess you all know what it is, URLHaus which is another service which provides lists of malicious URLs, Cuckoo which is a popular open source malware sandbox solution and so on. But there are many more.
  • #75 So, acquisition of threat intelligence context about a specific artifact can be really time consuming without a proper tool which helps to get all this information fast and together.
  • #76 So, from our own personal experience as cyber security analysts, we started to write down the requirements of the tool that we would need. We needed:
  • #77 Automated extraction of threat intelligence data from different sources a full-featured Web Application with a user-friendly interface
  • #78 Client library for easy integrations with other security tools High possibility of customization to allow different use cases
  • #79 High level of scalability and speed a tool which is Open source so a tool that could benefit from the collaboration with the community
  • #80 a tool Written with the most recent technologies a tool which is Well maintained and updated We searched the Internet for already existing Open Source projects with all these requirements. We found nothing.
  • #81 So we decided to create this tool by ourselves: that was the birth of IntelOwl. It was at the start of 2020, 4 years ago. Now it is one of the most popular Threat Intel Projects on GitHub with more than 3k stars. But what does IntelOwl do in a nutshell? IntelOwl provides data enrichment of threat intel artifacts like IP addresses, domains, URLs, files, and many others.
  • #82 IntelOwl became the solution to the previously described problem. Without IntelOwl a cyber security analyst would need to extract data from different sources separately…that would mean a waste of the time of the analysts and a distraction from what he should actually do…which is analyze and manage security incidents. On the contrary, with IntelOwl, it is possible to do that operation with a single button click or with a single API request.
  • #84 Ok so finally let’s talk about the IntelOwl technology stack. IntelOwl is a full stack application, meaning that we have a backend, a frontend and an infrastructure to manage. The entire backend is written in Python3, and in particular we are using the Django framework and the entire Django ecosystem. For the frontend, we are using ReactJS and finally for the architecture we are using Docker to create separate containers and docker-compose to manage them.
  • #85 Ok so we discussed a little bit internally to find the best way to show you why you should use IntelOwl, how you can use it, and finally how it can actually speed up SOC analysis. And yes, in like 8 minutes. So we decided to just use IntelOwl for some simple scenario, and let you guys reach your own conclusion about the platform.
  • #86 But documentation, guides this stuff is for nerds and we do not want to even think about this stuff