Honeypots for proactively detecting security incidents

•Download as PPTX, PDF•

1 like•720 views

Presented by Adli Wahid at the 10th National Conference on Cybersecurity held in Colombo, from 28 August to 1 September 2017.

Internet

Plan
1. Honeypots & Honeynets
2. Using Honeypots Inside Enterprise
3. Honeytokens
4. Main Points

Honeypots in a Nutshell
• Resources deployed to be attacked & compromised
• Emulate services, systems or hosts
• Interaction with adversaries
• Easy to deploy & integrate with existing security controls

Benefits
• Differentiate noise & suspicious / malicious traffic
• Information can be collected about attacks and/or
adversaries
o IP addresses / Domains
o Files / Hashes / Malware Samples
o TTPs
• CERTs / CSIRTs
o Understand context about attacks
o Research and Development

Recap
• Different types of Honeypots
• Lots of Open Source Tools Available
• Implementation within Enterprise Networks?

Cyber Kill Chain
15
The Cyber Kill Chain ["Security Intelligence: Attacking the Cyber Kill Chain", Cloppert,
Michael, http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain/

Honeytokens
A honeytoken is data or a computing resource that exists
for the purpose of alerting you when someone accesses
it.

Scenario
• Adversary _already_ inside your infrastructure or
valueable target
• Multiple Forms:
o Usernames / Passwords
o URL / Links
o Files
o Web Pages
o Etc
• Adversary use / open tokens and announce their
presence

Scan to get Server Information
https://www.canarytokens.org

Implementation
• Canarytokens
o Canarytokens.org by Thinks
o Opensource Source (on Github)
o https://github.com/thinkst/canarytokens
• Dcept by Secureworks
o Opensource
o ActiveDirectory
o https://github.com/secureworks/dcept
o Commercial Solutions are available

Conclusion
1. Consider honeypots to increase chance of detecting
adversaries or attack
2. Check out Honeynet Project Website for more
information
o Annual Conference in Canberra in November
o Community Information sharing
3. Security Response Community
o https://www.first.org
4. General Cyber Security
o https://academy.apnic.net

Thank You
adli@apnic.net | adli@first.org
Twitter:@adliwahid
LInkedIn: Adli Wahid

This document discusses the challenges security researchers face when conducting open-source intelligence (OSINT) research anonymously. It outlines anonymity challenges like security policies prohibiting VPNs and TOR, and a lack of funds for secure anonymous channels. It also discusses challenges obtaining valid information from large datasets and sharing intelligence due to policy differences. The document recommends tools for anonymous OSINT like Whonix and Tails virtual machines, and describes sources like search engines, social media, paste sites and intelligence reports. It emphasizes practicing intelligence in depth using multiple sources.

Revealing the dark web

Veriato

This document summarizes a presentation by Nick Cavalancia and Patrick Knight of Veriato on revealing the dark web and how to leverage technologies to alert and block dark web access. The presentation covers an introduction to the dark web including how employees can access it, defines common dark web threats, and discusses how to detect and block dark web activity through monitoring TOR browser use, VPN traffic, and specific dark web site addresses. The presentation promotes Veriato's Cerebral insider threat intelligence platform for comprehensively addressing these risks.

ISACA Ethical Hacking Presentation 10/2011

Xavier Mertens

The document discusses ethical hacking and penetration testing. It defines ethical hacking as using the same tools and techniques as cyber attackers, but doing so legally with permission to find vulnerabilities and help organizations improve their security. Several frameworks for penetration testing are described, including the process of reconnaissance, scanning systems, gaining access, maintaining access, covering tracks, and reporting findings. The importance of preparation, clear scope, and translating technical risks into business impacts for management is emphasized. Tips include using online resources to gather intelligence and building a toolbox of software and physical tools.

Introduction to CSIRTs

APNIC

Python-Assisted Red-Teaming Operation

Satria Ady Pradana

Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...

Edureka!

**Cybersecurity Training: https://www.edureka.co/cybersecurity-certification-training ** This Edureka "Ethical Hacking Course" PPT will give you an expansive view into Ethical Hacking. This video will give you an exhaustive understanding on key topics of Ethical Hacking for beginners! Follow us to never miss an update in the future. Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

Sqrrl May Webinar: Data-Centric Security

Sqrrl

Prepare Yourself to Become Infosec Professional

M.Syarifudin, ST, OSCP, OSWP

This document provides an overview of information security and discusses how to become an information security professional. It recommends focusing on operating systems, computer networks, security, cryptography, and programming. Some key information security certifications are also presented, such as OSCP, CISSP, and CEH. The document encourages joining an information security laboratory and community. It also gives an example salary range for penetration testers and summarizes the typical phases of a penetration test based on the Penetration Testing Execution Standard.

Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals. You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls? Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.

IOT Security FUN-damental

Satria Ady Pradana

Defending Against 1,000,000 Cyber Attacks by Michael Banks

EC-Council

Every time you look around some company or government organization is spouting out some huge number of “cyber-attacks” to their network every day. By no means is it easy, but could it be that there is a little exaggeration of the actuality of the encounters? There is surely a misconception in reporting and the understanding of the attack itself and how organizations account for them. There are “attacks” like port scanning and brute force attempting all across the internet and all hours of the day. Spreading awareness about them will inform the public on just how “intense” these attacks are. To demonstrate this, I bought a nice attractive domain and coupled it with a honey-pot and let the fun begin.

Session Slide

Muralidharan Radhakrishnan

Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg

Eric Vanderburg

This document defines and describes different types of attackers and attacks on information security. It identifies hackers, crackers, script kiddies, spies, employees, hacktivists, and cyberterrorists as common attackers with varying levels of skill and motivations. Common attack types include social engineering, buffer overflows, password guessing, man-in-the-middle attacks, and denial of service attacks. Malware threats like viruses, worms, Trojan horses, and spyware are also outlined. The document concludes with descriptions of protection techniques like firewalls and discusses backdoors and rootkits as other access methods.

Honeypot

Syeda Khadizatul maria

A honeypot is a computer security mechanism designed to detect unauthorized access. It acts as a trap for attackers by diverting their attention from real network resources. The main functions of a honeypot are to build attacker profiles, identify preferred attack methods, and capture new viruses. Honeypots are classified by their level of interaction (low interaction provides emulated services while high interaction uses actual operating systems), implementation (physical vs virtual), and purpose (research to discover new attacks vs production to detect threats).

UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...

APNIC

Ethical hacking

Manas Das

Ethical hacking involves legally accessing computer systems and networks to test security and find vulnerabilities. It helps identify weaknesses that criminals could exploit. There are different types of hackers defined by their intentions and knowledge - white hat hackers help companies, while black hat hackers intend harm. Ethical hacking is important as it allows issues to be addressed before real attackers can cause damage. Common attacks include brute force, buffer overflows, and denial of service. Companies should implement security measures like strong passwords, antivirus software, and logging out of accounts to protect themselves from hacking.

Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...

EC-Council

Today there is a dispute over the ethics of operations involving honeypots and honeynets in cyber security. However, many organizations will adopt the use of such techniques and tools to develop defensive strategies to stop attackers. For professional offensive security practitioners, detecting, bypassing, and even avoiding honeypots is a new challenge and much is to be discovered and shared. This brief will work to accomplish these objectives and begin the development of a new framework for Counter Honeypot Operations (CHOps).

Ethical Hacking

justyogesh

Hacking" is the word that shakes everyone whenever it is said or heard by someone. Everyone born in this world with attitude wants to be a Hacker. But it is not a job of a new born baby or an old grown lady. A Hacker needs a brilliant mind to hack anything. His skills should be so powerful that no other hacker can hack him. A Hacker doesn't need software to hack. There are many rules that he should learn to become an Ethical Hacker. These rules include knowledge of HTML, JavaScript, Computer Tricks, and Cracking & Breaking etc.

Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016

Danny Akacki

We can all agree that threat detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for ways for evil to do evil things. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune ranked organizations. We hope to challenge you to expand your security operations, moving beyond traditional signature based detection.

Security Issues in Internet of Things

Lohith Haravu Chandrashekar

Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...

Chi En (Ashley) Shen

The document discusses threat intelligence platforms (TIPs) and leveraging them to defend against cyber attacks. It describes how TIPs aggregate internal and external data from various sources, help manage that information to facilitate analysis, and support turning analyzed intelligence into actionable information. The document then provides an example analysis of the activities of the Menupass cyber espionage group over time as discovered through a TIP.

Discover advanced threats with threat intelligence - Jeremy Li

Jeremy Li

Jeremy Li presented on building private threat intelligence datasets and using them to discover advanced threats. He discussed researching attacker profiling, collecting security data from logs and sensors, and building an internal threat intelligence platform. Li then demonstrated analyzing native-based data, threat intelligence, and attacker profiles to investigate a potential database collision incident targeting the financial industry. The presentation provided examples of using threat intelligence to map out attacker techniques and identify suspicious IP addresses and domains.

APrIGF 2015: Security and the Internet of Things

APNIC

Hunting on the Cheap

EndgameInc

For organizations and individuals with limited security budgets, successfully hunting for cyber adversaries can be a daunting challenge. Threat Intelligence can be expensive and sometimes nothing more than IoCs or blacklists. In this talk, Endgame’s threat research team will present a series of techniques that can enable organizations to leverage free or almost-free sources of data and open-source tools to “hunt on the cheap.” They’ll explain how to: retrieve attackers’ tools from globally distributed honeynets that look like your organization or a juicy launching point to attackers; enrich the data past basic file/tool hashes to identify malicious command and control IPs/domains through automated binary analysis using open-source sandboxes and tools; and use passive DNS data to identify active infections and enrich existing data sets. Attendees will learn how to apply these three techniques to hunt for adversaries within their own networks. They will also learn about the various open-source solutions available, such as graph databases, that make these techniques inexpensive and within the scope of many organizations. Anjum Ahuja, Senior Threat Researcher, Endgame Jamie Butler, Chief Scientist, Endgame Andrew Morris, Threat Researcher, Endgame

Wireless and Internet Security Principles

pualoob

Hunting: Defense Against The Dark Arts

Spyglass Security

This presentation was delivered at BSides Augusta in September 2016. The A/V portion is available here: https://www.youtube.com/watch?v=i6p71t9PFWM Abstract: "We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection. - What is Hunting? - How have we done it? - What have we found, and what should be done about those findings? - How might you achieve similar outcomes in your own environment?" Speakers: - Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club. - Danny Akacki (@dakacki) was a Lead Analyst with GE Capitals' Applied Intelligence team prior to his employment with Mandiant, and now works for Bank of America's hunt team. He is a pragmatic optimist and believes we are probably screwed, but hopes we aren't. Danny enjoys finding evil on the weekends. - Stephen Hinck (@stephenhinck) is a Senior Security Analyst at Oracle, Inc. Stephen stumbled into the information security world years ago and has since only managed to dig his way deeper to the rabbit hole. With a background in security operations, incident response and threat hunting, Stephen's experience is multi-faceted. Although he enjoys many things, he absolutely hates writing silly bios like this one.

Redrawing the Cyber Defense Frontier

Joe Hage

Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ

BAINIDA

This document discusses information security as an academic field focused on developing professionals who can analyze organizational risks, plan security strategies, create security policies, and respond to threats to support organizational missions. It notes that those studying this field gain expertise in both security technologies and security management. The document then lists relevant courses and outlines the key components of the security management process: plan, protect, and respond.

2023 NCIT: Introduction to Intrusion Detection

APNIC

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Lastline, Inc.

This document summarizes a presentation given by Dr. Engin Kirda on reacting to advanced cyberattacks in real-time using Lastline's detection platform. The presentation discusses how malware has become more sophisticated, evasive, and targeted. Lastline takes a unique approach to detection by using full system emulation in their sandbox environment, which allows them to detect malware that evades traditional antivirus solutions and virtualized sandboxes. The Lastline platform components work together to analyze suspicious files, correlate events into high-level incidents, share threat intelligence, and help automatically mitigate breaches across an organization's network in real-time.

What's hot

Combating Insider Threats – Protecting Your Agency from the Inside Out

Lancope, Inc.

IOT Security FUN-damental

Satria Ady Pradana

Defending Against 1,000,000 Cyber Attacks by Michael Banks

EC-Council

Session Slide

Muralidharan Radhakrishnan

Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg

Eric Vanderburg

Honeypot

Syeda Khadizatul maria

UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...

APNIC

Ethical hacking

Manas Das

Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...

EC-Council

Ethical Hacking

justyogesh

Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016

Danny Akacki

Security Issues in Internet of Things

Lohith Haravu Chandrashekar

Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...

Chi En (Ashley) Shen

Discover advanced threats with threat intelligence - Jeremy Li

Jeremy Li

APrIGF 2015: Security and the Internet of Things

APNIC

Hunting on the Cheap

EndgameInc

Wireless and Internet Security Principles

pualoob

Hunting: Defense Against The Dark Arts

Spyglass Security

Redrawing the Cyber Defense Frontier

Joe Hage

Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ

BAINIDA

What's hot (20)

Combating Insider Threats – Protecting Your Agency from the Inside Out

IOT Security FUN-damental

Defending Against 1,000,000 Cyber Attacks by Michael Banks

Session Slide

Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg

Honeypot

UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...

Ethical hacking

Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...

Ethical Hacking

Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016

Security Issues in Internet of Things

Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...

Discover advanced threats with threat intelligence - Jeremy Li

APrIGF 2015: Security and the Internet of Things

Hunting on the Cheap

Wireless and Internet Security Principles

Hunting: Defense Against The Dark Arts

Redrawing the Cyber Defense Frontier

Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ

Similar to Honeypots for proactively detecting security incidents

2023 NCIT: Introduction to Intrusion Detection

APNIC

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Lastline, Inc.

Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...

Sean Whalen

Advanced Persistent Threats (APTs) - Information Security Management

Mayur Nanotkar

Zero Day Malware Detection/Prevention Using Open Source Software

MyNOG

Cambodia CERT Seminar: Incident response for ransomeware attacks

APNIC

Security in the age of open source - Myths and misperceptions

Tim Mackey

As delivered at Interop ITX 2017. The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.

FBI & Secret Service- Business Email Compromise Workshop

Ernest Staats

Hunting: Defense Against The Dark Arts v2

Spyglass Security

This presentation was delivered at SkyDogCon 6 in October 2016. The A/V is available here: https://www.youtube.com/watch?list=PLLEf-wPc7Tyae19iTuzKOXmPj-IQBIWuU&v=mKxGulV2Z74 It is an updated version of the original deck presented at BSides Augusta 2016 - Added original content including information on use cases and added definition/clarity. Abstract: "We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection. - What is Hunting? - How have we done it? - What have we found, and what should be done about those findings? - How might you achieve similar outcomes in your own environment?" Speakers: - Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club.

Infosecurity.be 2019: What are relevant open source security tools you should...

B.A.

Ethical Hacking

Mukul Agarwal

This PowerPoint presentation provides an overview of ethical hacking. It discusses the different types of hackers, including white hat, black hat, and gray hat hackers. It also explains what ethical hacking is, why we need it, and the methodology used, which includes reconnaissance, scanning, enumeration, gaining access, maintaining access, and covering tracks. The presentation also outlines some common hacking tools, historical cases of hacking, and skills required of an ethical hacker.

Ethical hacking and cyber security intro

Abhilash Ak

The document discusses ethical hacking and cybersecurity. It begins with an overview of hacking, different types of hackers (white hat, black hat, gray hat), and why people hack. It then covers ethical hacking methodology in 5 phases (reconnaissance, scanning, gaining access, maintaining access, covering tracks). The document also discusses cybersecurity tools, skills of an ethical hacker like networking protocols and various operating systems, advantages and disadvantages of cybersecurity, and why it is important to protect confidentiality, integrity and availability of data.

Network security

Sri Manakula Vinayagar Engineering College

This document discusses network architecture and reliability. It describes the basic characteristics of fault tolerance, scalability, quality of service, and security that network architectures need to address. It then discusses fault tolerance in networks through packet switching and redundancy. Scalability in networks is achieved through following standards and protocols. Quality of service is important for real-time media like voice and video. The document also covers network security threats and the goals of confidentiality, integrity, and availability.

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...

REVULN

TWCSIRT is a full member of FIRST and mainly focuses on the protection of NARLabs, TANet and TWAREN. We are defense cyber-attack from internet and according to government policy to handling incident every day. I am a research fellow with National Center for High-performance Computing and lead cyber security team to operation security operation center to handling incident in Taiwan Academic Network. In our research project from government, we are deployed the biggest honeynet in Taiwan and used over 6000 IP address to detection malicious network attack come from internet. We have published our malware knowledge base to sharing malware samples and reports for many researchers, students, research center and sharing our data set for deep tracking about cyber security. There are many new types of cyber-attack that’s is include ransomware, website mining, DDoS and hybrid malicious attack. Main Points: - What’s TWCSIRT Mission and Scope - How to coordinate in National level with ISAC, CERT and SOC - Cyber-attack and threat hunting in Taiwan Academic Network - How to develop cyber security platform for incident handling - How to do red team and blue team training by CDX

ASEAN-JAPAN Cyber Security Seminar: How to fill your team gaps with training

APNIC

Cybersecurity: Malware & Protecting Your Business From Cyberthreats

SecureDocs

http://www.securedocs.com -The recent increase in high-profile cyberattacks has made online security a hot topic, and rightfully so. Companies from The New York Times to Facebook have fallen victim to attacks by cybercriminals, highlighting just how vulnerable any business is. In the past few years, malware has evolved dramatically and is a serious threat to all organizations, both big and small. This presentation covers what advanced malware is and the impact it can have on an organization. Learn how to protect your business from this type of threat.

Top 6 Sources for Identifying Threat Actor TTPs

Recorded Future

The document discusses 6 key sources for identifying threat actors' tactics, techniques and procedures (TTPs): 1) Open source intelligence from the deep and dark web, 2) Darknets which are intentionally vulnerable networks, 3) Telemetry data collected internally and by vendors, 4) Scanning and crawling the open web actively, 5) Malware processing by vendors to inform security protocols, and 6) Closed source human intelligence developing online relationships. The takeaway is that organizations should assess their needs to determine the appropriate approach based on size and budget.

Honey pots

Alok Singh

The document discusses honey pots, which are computer systems that are intended to attract and monitor hackers. It provides an overview of honey pots, including their historical development, types (production vs research), levels of interaction (low vs high), tools used, and advantages and disadvantages. The document also discusses how honey pots work using intrusion detection systems like Snort, and how honey pots have evolved over time and may continue to develop in the future.

FBI & Secret Service- Business Email Compromise Workshop

Ernest Staats

technical-information-gathering-slides.pdf

MarceloCunha571649

This document provides an overview of information gathering and vulnerability scanning techniques for the CompTIA Pentest+ certification. It discusses the importance of gathering both technical and people information about the target. It covers passive information gathering techniques like searching public databases and active techniques like port scanning and website crawling. The document demonstrates tools for discovering domains, IP addresses, ports, services and technical details through techniques like DNS queries, Nmap scanning, and using search engines and Shodan. It emphasizes using both passive and active approaches to fully map the target environment.

Similar to Honeypots for proactively detecting security incidents (20)

2023 NCIT: Introduction to Intrusion Detection

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...

Advanced Persistent Threats (APTs) - Information Security Management

Zero Day Malware Detection/Prevention Using Open Source Software

Cambodia CERT Seminar: Incident response for ransomeware attacks

Security in the age of open source - Myths and misperceptions

FBI & Secret Service- Business Email Compromise Workshop

Hunting: Defense Against The Dark Arts v2

Infosecurity.be 2019: What are relevant open source security tools you should...

Ethical Hacking

Ethical hacking and cyber security intro

Network security

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...

ASEAN-JAPAN Cyber Security Seminar: How to fill your team gaps with training

Cybersecurity: Malware & Protecting Your Business From Cyberthreats

Top 6 Sources for Identifying Threat Actor TTPs

Honey pots

FBI & Secret Service- Business Email Compromise Workshop

technical-information-gathering-slides.pdf

Recently uploaded

cyber crime.pptx..........................

GNAMBIKARAO

About cyber crime and it's effects Graph of cyber crime.

How to make a complaint to the police for Social Media Fraud.pdf

Infosec train

快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样

3a0sd7z3

学校原件一模一样【微信：741003700 】《(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书》【微信：741003700 】学位证，留信认证（真实可查，永久存档）原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原。 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 【主营项目】一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样

3a0sd7z3

学校原件一模一样【微信：741003700 】《(Vic毕业证书)惠灵顿维多利亚大学毕业证》【微信：741003700 】学位证，留信认证（真实可查，永久存档）原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原。 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 【主营项目】一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

HijackLoader Evolution: Interactive Process Hollowing

Donato Onofri

CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities. In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.

怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样

rtunex8r

原版定制【微信:bwp0011】《(umiami毕业证书)美国迈阿密大学毕业证文凭证书》【微信:bwp0011】成绩单、雅思、外壳、留信学历认证永久存档查询，采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信bwp0011】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信bwp0011】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。

一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理

thezot

原版办【微信号:95270640】【新西兰林肯大学毕业证(Lincoln毕业证书)】【微信号:95270640】《成绩单、外壳、雅思、offer、真实留信官方学历认证（永久存档/真实可查）》采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【我们承诺采用的是学校原版纸张（纸质、底色、纹路）我们拥有全套进口原装设备，特殊工艺都是采用不同机器制作，仿真度基本可以达到100%，所有工艺效果都可提前给客户展示，不满意可以根据客户要求进行调整，直到满意为止！】【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信号95270640】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信号95270640】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才留信网服务项目： 1、留学生专业人才库服务（留信分析） 2、国（境）学习人员提供就业推荐信服务 3、留学人员区块链存储服务【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。选择实体注册公司办理，更放心，更安全！我们的承诺：客户在留信官方认证查询网站查询到认证通过结果后付款，不成功不收费！

一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理

dtagbe

原版一模一样【微信：741003700 】【(uc毕业证书)加拿大卡尔加里大学毕业证成绩单】【微信：741003700 】学位证，留信认证（真实可查，永久存档）原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原。 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 【主营项目】一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才办理(uc毕业证书)加拿大卡尔加里大学毕业证【微信：741003700 】外观非常简单，由纸质材料制成，上面印有校徽、校名、毕业生姓名、专业等信息。办理(uc毕业证书)加拿大卡尔加里大学毕业证【微信：741003700 】格式相对统一，各专业都有相应的模板。通常包括以下部分：校徽：象征着学校的荣誉和传承。校名:学校英文全称授予学位：本部分将注明获得的具体学位名称。毕业生姓名：这是最重要的信息之一，标志着该证书是由特定人员获得的。颁发日期：这是毕业正式生效的时间，也代表着毕业生学业的结束。其他信息：根据不同的专业和学位，可能会有一些特定的信息或章节。办理(uc毕业证书)加拿大卡尔加里大学毕业证【微信：741003700 】价值很高，需要妥善保管。一般来说，应放置在安全、干燥、防潮的地方，避免长时间暴露在阳光下。如需使用，最好使用复印件而不是原件，以免丢失。综上所述，办理(uc毕业证书)加拿大卡尔加里大学毕业证【微信：741003700 】是证明身份和学历的高价值文件。外观简单庄重，格式统一，包括重要的个人信息和发布日期。对持有人来说，妥善保管是非常重要的。

Bengaluru Dreamin' 24 - Personal Branding

Tarandeep Singh

Recently uploaded (9)

cyber crime.pptx..........................

How to make a complaint to the police for Social Media Fraud.pdf

快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样

快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样

HijackLoader Evolution: Interactive Process Hollowing

怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样

一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理

一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理

Bengaluru Dreamin' 24 - Personal Branding

Honeypots for proactively detecting security incidents

1. Honeypots for Proactively Detecting Security Incidents Adli Wahid Senior Internet Security Specialist (APNIC)

2. Let’s Connect • Adli Wahid o Senior Internet Security Specialist @ APNIC o Board Member of Forum of Incident Response and Security Teams (FIRST) • APNIC o Regional Internet Registry for the AP region • FIRST o Association of CERTs/CSIRTs o 30th AGM & Conference in 2018 (Kuala Lumpur)

3. Plan 1. Honeypots & Honeynets 2. Using Honeypots Inside Enterprise 3. Honeytokens 4. Main Points

4. Honeypots

5. Honeypots in a Nutshell • Resources deployed to be attacked & compromised • Emulate services, systems or hosts • Interaction with adversaries • Easy to deploy & integrate with existing security controls

6. Benefits • Differentiate noise & suspicious / malicious traffic • Information can be collected about attacks and/or adversaries o IP addresses / Domains o Files / Hashes / Malware Samples o TTPs • CERTs / CSIRTs o Understand context about attacks o Research and Development

7. APNIC Community Honeynet Project

8. SSH / Telnet Honeypot: Cowrie

10.

11.

12. File Hash

13.

14. Recap • Different types of Honeypots • Lots of Open Source Tools Available • Implementation within Enterprise Networks?

15. Cyber Kill Chain 15 The Cyber Kill Chain ["Security Intelligence: Attacking the Cyber Kill Chain", Cloppert, Michael, http://computer-forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain/

16. Deception -> Detection

17. Honeytokens A honeytoken is data or a computing resource that exists for the purpose of alerting you when someone accesses it.

18. Scenario • Adversary _already_ inside your infrastructure or valueable target • Multiple Forms: o Usernames / Passwords o URL / Links o Files o Web Pages o Etc • Adversary use / open tokens and announce their presence

19. Use-Case Fileserver

20.

21. Scan to get Server Information https://www.canarytokens.org

22. Implementation • Canarytokens o Canarytokens.org by Thinks o Opensource Source (on Github) o https://github.com/thinkst/canarytokens • Dcept by Secureworks o Opensource o ActiveDirectory o https://github.com/secureworks/dcept o Commercial Solutions are available

23. Conclusion 1. Consider honeypots to increase chance of detecting adversaries or attack 2. Check out Honeynet Project Website for more information o Annual Conference in Canberra in November o Community Information sharing 3. Security Response Community o https://www.first.org 4. General Cyber Security o https://academy.apnic.net

24. Thank You adli@apnic.net | adli@first.org Twitter:@adliwahid LInkedIn: Adli Wahid

Editor's Notes

Step 1: Reconnaissance. The attacker gathers information on the target before the actual attack starts. He can do it by looking for publicly available information on the Internet. Step 2: Weaponization. The attacker uses an exploit and creates a malicious payload to send to the victim. This step happens at the attacker side, without contact with the victim. Step 3: Delivery. The attacker sends the malicious payload to the victim by email or other means, which represents one of many intrusion methods the attacker can use. Step 4: Exploitation. The actual execution of the exploit, which is, again, relevant only when the attacker uses an exploit. Step 5: Installation. Installing malware on the infected computer is relevant only if the attacker used malware as part of the attack, and even when there is malware involved, the installation is a point in time within a much more elaborate attack process that takes months to operate. Step 6: Command and control. The attacker creates a command and control channel in order to continue to operate his internal assets remotely. This step is relatively generic and relevant throughout the attack, not only when malware is installed. Step 7: Action on objectives. The attacker performs the steps to achieve his actual goals inside the victim’s network. This is the elaborate active attack process that takes months, and thousands of small steps, in order to achieve.

Honeypots for proactively detecting security incidents

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Honeypots for proactively detecting security incidents

Similar to Honeypots for proactively detecting security incidents (20)

More from APNIC

More from APNIC (20)

Recently uploaded

Recently uploaded (9)

Honeypots for proactively detecting security incidents

Editor's Notes