TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r... | EC-Council
This document discusses the challenges security researchers face when conducting open-source intelligence (OSINT) research anonymously. It outlines anonymity challenges like security policies prohibiting VPNs and TOR, and a lack of funds for secure anonymous channels. It also discusses challenges obtaining valid information from large datasets and sharing intelligence due to policy differences. The document recommends tools for anonymous OSINT like Whonix and Tails virtual machines, and describes sources like search engines, social media, paste sites and intelligence reports. It emphasizes practicing intelligence in depth using multiple sources.
This document summarizes a presentation by Nick Cavalancia and Patrick Knight of Veriato on revealing the dark web and how to leverage technologies to alert and block dark web access. The presentation covers an introduction to the dark web including how employees can access it, defines common dark web threats, and discusses how to detect and block dark web activity through monitoring TOR browser use, VPN traffic, and specific dark web site addresses. The presentation promotes Veriato's Cerebral insider threat intelligence platform for comprehensively addressing these risks.
The document discusses ethical hacking and penetration testing. It defines ethical hacking as using the same tools and techniques as cyber attackers, but doing so legally with permission to find vulnerabilities and help organizations improve their security. Several frameworks for penetration testing are described, including the process of reconnaissance, scanning systems, gaining access, maintaining access, covering tracks, and reporting findings. The importance of preparation, clear scope, and translating technical risks into business impacts for management is emphasized. Tips include using online resources to gather intelligence and building a toolbox of software and physical tools.
Slides I presented at PyCon 2019 (Surabaya, 23/11/2019)
Red-Teaming is a simulation of real-world hacking against an organization. It has little to no limit on time, location, or method of attack. Only results matter. This talk gives insight into how a “hacker” works and how Python can be used for a sophisticated series of attacks.
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed... | Edureka!
**Cybersecurity Training: https://www.edureka.co/cybersecurity-certification-training**
This Edureka "Ethical Hacking Course" PPT will give you an expansive view into Ethical Hacking. This video will give you an exhaustive understanding on key topics of Ethical Hacking for beginners!
This webinar discusses the dissolution of the "trusted zone" and shares insights on how you can build secure applications on Hadoop by adopting best practices in Data-Centric Security with Sqrrl Enterprise.
This document provides an overview of information security and discusses how to become an information security professional. It recommends focusing on operating systems, computer networks, security, cryptography, and programming. Some key information security certifications are also presented, such as OSCP, CISSP, and CEH. The document encourages joining an information security laboratory and community. It also gives an example salary range for penetration testers and summarizes the typical phases of a penetration test based on the Penetration Testing Execution Standard.
Combating Insider Threats – Protecting Your Agency from the Inside Out | Lancope, Inc.
Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals.
You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls?
Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.
A short talk about IoT security, especially IoT pentesting for beginners. What exactly is IoT, and how do we test it?
Live on Ethical Hacker Indonesia
April 14th 2020
Defending Against 1,000,000 Cyber Attacks by Michael Banks | EC-Council
Every time you look around some company or government organization is spouting out some huge number of “cyber-attacks” to their network every day. By no means is it easy, but could it be that there is a little exaggeration of the actuality of the encounters? There is surely a misconception in reporting and the understanding of the attack itself and how organizations account for them. There are “attacks” like port scanning and brute force attempting all across the internet and all hours of the day. Spreading awareness about them will inform the public on just how “intense” these attacks are. To demonstrate this, I bought a nice attractive domain and coupled it with a honey-pot and let the fun begin.
Two Days National Level Workshop on Network Security on February 27th and 28th 2015, organized by the Department of Computer Science, Rathinam College of Arts and Science, Eachanari, Coimbatore.
The sessions were handled by Mr. Neeraj Kumar, Associate Consultant, Information and Network Security, UTL Technologies, Bangalore.
The program was organized in association with UTL Technologies, Bangalore.
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
This document defines and describes different types of attackers and attacks on information security. It identifies hackers, crackers, script kiddies, spies, employees, hacktivists, and cyberterrorists as common attackers with varying levels of skill and motivations. Common attack types include social engineering, buffer overflows, password guessing, man-in-the-middle attacks, and denial of service attacks. Malware threats like viruses, worms, Trojan horses, and spyware are also outlined. The document concludes with descriptions of protection techniques like firewalls and discusses backdoors and rootkits as other access methods.
A honeypot is a computer security mechanism designed to detect unauthorized access. It acts as a trap for attackers by diverting their attention from real network resources. The main functions of a honeypot are to build attacker profiles, identify preferred attack methods, and capture new viruses. Honeypots are classified by their level of interaction (low interaction provides emulated services while high interaction uses actual operating systems), implementation (physical vs virtual), and purpose (research to discover new attacks vs production to detect threats).
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec... | APNIC
APNIC Senior Security Specialist Adli Wahid provides some useful findings of lessons learned from security incidents at the UMS Cybersecurity Awareness Seminar, held online on 25 October 2021.
Ethical hacking involves legally accessing computer systems and networks to test security and find vulnerabilities. It helps identify weaknesses that criminals could exploit. There are different types of hackers defined by their intentions and knowledge - white hat hackers help companies, while black hat hackers intend harm. Ethical hacking is important as it allows issues to be addressed before real attackers can cause damage. Common attacks include brute force, buffer overflows, and denial of service. Companies should implement security measures like strong passwords, antivirus software, and logging out of accounts to protect themselves from hacking.
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek... | EC-Council
Today there is a dispute over the ethics of operations involving honeypots and honeynets in cyber security. However, many organizations will adopt the use of such techniques and tools to develop defensive strategies to stop attackers. For professional offensive security practitioners, detecting, bypassing, and even avoiding honeypots is a new challenge and much is to be discovered and shared. This brief will work to accomplish these objectives and begin the development of a new framework for Counter Honeypot Operations (CHOps).
"Hacking" is the word that shakes everyone whenever it is said or heard. Everyone born into this world with attitude wants to be a hacker. But it is not a job for a newborn baby or an old lady. A hacker needs a brilliant mind to hack anything. His skills should be so strong that no other hacker can hack him. A hacker doesn't need software to hack. There are many rules that he should learn to become an ethical hacker. These rules include knowledge of HTML, JavaScript, computer tricks, cracking and breaking, etc.
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016 | Danny Akacki
We can all agree that threat detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for ways for evil to do evil things. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune ranked organizations. We hope to challenge you to expand your security operations, moving beyond traditional signature based detection.
The Internet of Things is the idea that everything around us from cars to ovens can be connected. If everything around us is linked and collecting information, these networks must be able to provide security and privacy to the end-user particularly in low-power lossy networks.
Catching the Golden Snitch - Leveraging Threat Intelligence Platforms to Defen... | Chi En (Ashley) Shen
The document discusses threat intelligence platforms (TIPs) and leveraging them to defend against cyber attacks. It describes how TIPs aggregate internal and external data from various sources, help manage that information to facilitate analysis, and support turning analyzed intelligence into actionable information. The document then provides an example analysis of the activities of the Menupass cyber espionage group over time as discovered through a TIP.
Discover advanced threats with threat intelligence - Jeremy Li | Jeremy Li
Jeremy Li presented on building private threat intelligence datasets and using them to discover advanced threats. He discussed researching attacker profiling, collecting security data from logs and sensors, and building an internal threat intelligence platform. Li then demonstrated analyzing native-based data, threat intelligence, and attacker profiles to investigate a potential database collision incident targeting the financial industry. The presentation provided examples of using threat intelligence to map out attacker techniques and identify suspicious IP addresses and domains.
APrIGF 2015: Security and the Internet of Things | APNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
For organizations and individuals with limited security budgets, successfully hunting for cyber adversaries can be a daunting challenge. Threat Intelligence can be expensive and sometimes nothing more than IoCs or blacklists. In this talk, Endgame’s threat research team will present a series of techniques that can enable organizations to leverage free or almost-free sources of data and open-source tools to “hunt on the cheap.” They’ll explain how to: retrieve attackers’ tools from globally distributed honeynets that look like your organization or a juicy launching point to attackers; enrich the data past basic file/tool hashes to identify malicious command and control IPs/domains through automated binary analysis using open-source sandboxes and tools; and use passive DNS data to identify active infections and enrich existing data sets. Attendees will learn how to apply these three techniques to hunt for adversaries within their own networks. They will also learn about the various open-source solutions available, such as graph databases, that make these techniques inexpensive and within the scope of many organizations.
Anjum Ahuja, Senior Threat Researcher, Endgame
Jamie Butler, Chief Scientist, Endgame
Andrew Morris, Threat Researcher, Endgame
This document discusses principles of wireless and internet security. It covers finding available networks, connecting to them, and encryption/decryption. It also mentions internet banking and general internet security threats like viruses, spyware, hacking and keystroke loggers. The document recommends using an internet security package and strong passwords to defend against most threats.
This presentation was delivered at BSides Augusta in September 2016. The A/V portion is available here: https://www.youtube.com/watch?v=i6p71t9PFWM
Abstract:
"We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission.
This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection.
- What is Hunting?
- How have we done it?
- What have we found, and what should be done about those findings?
- How might you achieve similar outcomes in your own environment?"
Speakers:
- Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club.
- Danny Akacki (@dakacki) was a Lead Analyst with GE Capital's Applied Intelligence team prior to his employment with Mandiant, and now works for Bank of America's hunt team. He is a pragmatic optimist and believes we are probably screwed, but hopes we aren't. Danny enjoys finding evil on the weekends.
- Stephen Hinck (@stephenhinck) is a Senior Security Analyst at Oracle, Inc. Stephen stumbled into the information security world years ago and has since only managed to dig his way deeper down the rabbit hole. With a background in security operations, incident response and threat hunting, Stephen's experience is multi-faceted. Although he enjoys many things, he absolutely hates writing silly bios like this one.
Information security is not about reacting to attacks. Information security is about analyzing patterns and predicting potential threats by expanding the defense perimeter beyond the traditional borders.
Current trends in information security, by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ | BAINIDA
This document discusses information security as an academic field focused on developing professionals who can analyze organizational risks, plan security strategies, create security policies, and respond to threats to support organizational missions. It notes that those studying this field gain expertise in both security technologies and security management. The document then lists relevant courses and outlines the key components of the security management process: plan, protect, and respond.
2023 NCIT: Introduction to Intrusion Detection | APNIC
APNIC Senior Security Specialist Adli Wahid presents an Introduction to Intrusion Detection at the 2023 NCIT, held in Suva, Fiji from 17 to 18 August 2023.
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline | Lastline, Inc.
This document summarizes a presentation given by Dr. Engin Kirda on reacting to advanced cyberattacks in real-time using Lastline's detection platform. The presentation discusses how malware has become more sophisticated, evasive, and targeted. Lastline takes a unique approach to detection by using full system emulation in their sandbox environment, which allows them to detect malware that evades traditional antivirus solutions and virtualized sandboxes. The Lastline platform components work together to analyze suspicious files, correlate events into high-level incidents, share threat intelligence, and help automatically mitigate breaches across an organization's network in real-time.
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals.
You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls?
Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.
small talk about IOT security especially IOT pentesting for beginner. What exactly IOT and how we test it?
Live on Ethical Hacker Indonesia
April 14th 2020
Defending Against 1,000,000 Cyber Attacks by Michael BanksEC-Council
Every time you look around some company or government organization is spouting out some huge number of “cyber-attacks” to their network every day. By no means is it easy, but could it be that there is a little exaggeration of the actuality of the encounters? There is surely a misconception in reporting and the understanding of the attack itself and how organizations account for them. There are “attacks” like port scanning and brute force attempting all across the internet and all hours of the day. Spreading awareness about them will inform the public on just how “intense” these attacks are. To demonstrate this, I bought a nice attractive domain and coupled it with a honey-pot and let the fun begin.
Two Days National Level Workshop on Network Security on Februrary 27th and 28th 2015 organzied by Department of Computer Science, Rathinam College of Arts and Science, Eachanari, Coimbatore.
The sessions are handled by Mr. Neeraj Kumar, Associate Consultant Information and Network Security, UTL Technologies, Banagalore.
The program was organized in association with UTL Technologies, Bangalore.
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgEric Vanderburg
This document defines and describes different types of attackers and attacks on information security. It identifies hackers, crackers, script kiddies, spies, employees, hacktivists, and cyberterrorists as common attackers with varying levels of skill and motivations. Common attack types include social engineering, buffer overflows, password guessing, man-in-the-middle attacks, and denial of service attacks. Malware threats like viruses, worms, Trojan horses, and spyware are also outlined. The document concludes with descriptions of protection techniques like firewalls and discusses backdoors and rootkits as other access methods.
A honeypot is a computer security mechanism designed to detect unauthorized access. It acts as a trap for attackers by diverting their attention from real network resources. The main functions of a honeypot are to build attacker profiles, identify preferred attack methods, and capture new viruses. Honeypots are classified by their level of interaction (low interaction provides emulated services while high interaction uses actual operating systems), implementation (physical vs virtual), and purpose (research to discover new attacks vs production to detect threats).
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
APNIC Senior Security Specialist Adli Wahid provides some useful findings of lessons learned from security incidents at the UMS Cybersecurity Awareness Seminar, held online on 25 October 2021.
Ethical hacking involves legally accessing computer systems and networks to test security and find vulnerabilities. It helps identify weaknesses that criminals could exploit. There are different types of hackers defined by their intentions and knowledge - white hat hackers help companies, while black hat hackers intend harm. Ethical hacking is important as it allows issues to be addressed before real attackers can cause damage. Common attacks include brute force, buffer overflows, and denial of service. Companies should implement security measures like strong passwords, antivirus software, and logging out of accounts to protect themselves from hacking.
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
Today there is a dispute over the ethics of operations involving honeypots and honeynets in cyber security. However, many organizations will adopt the use of such techniques and tools to develop defensive strategies to stop attackers. For professional offensive security practitioners, detecting, bypassing, and even avoiding honeypots is a new challenge and much is to be discovered and shared. This brief will work to accomplish these objectives and begin the development of a new framework for Counter Honeypot Operations (CHOps).
Hacking" is the word that shakes everyone whenever it is said or heard by someone. Everyone born in this world with attitude wants to be a Hacker. But it is not a job of a new born baby or an old grown lady. A Hacker needs a brilliant mind to hack anything. His skills should be so powerful that no other hacker can hack him. A Hacker doesn't need software to hack. There are many rules that he should learn to become an Ethical Hacker. These rules include knowledge of HTML, JavaScript, Computer Tricks, and Cracking & Breaking etc.
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Danny Akacki
We can all agree that threat detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for ways for evil to do evil things. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune ranked organizations. We hope to challenge you to expand your security operations, moving beyond traditional signature based detection.
The Internet of Things is the idea that everything around us from cars to ovens can be connected. If everything around us is linked and collecting information, these networks must be able to provide security and privacy to the end-user particularly in low-power lossy networks.
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...Chi En (Ashley) Shen
The document discusses threat intelligence platforms (TIPs) and leveraging them to defend against cyber attacks. It describes how TIPs aggregate internal and external data from various sources, help manage that information to facilitate analysis, and support turning analyzed intelligence into actionable information. The document then provides an example analysis of the activities of the Menupass cyber espionage group over time as discovered through a TIP.
Discover advanced threats with threat intelligence - Jeremy LiJeremy Li
Jeremy Li presented on building private threat intelligence datasets and using them to discover advanced threats. He discussed researching attacker profiling, collecting security data from logs and sensors, and building an internal threat intelligence platform. Li then demonstrated analyzing native-based data, threat intelligence, and attacker profiles to investigate a potential database collision incident targeting the financial industry. The presentation provided examples of using threat intelligence to map out attacker techniques and identify suspicious IP addresses and domains.
APrIGF 2015: Security and the Internet of ThingsAPNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
For organizations and individuals with limited security budgets, successfully hunting for cyber adversaries can be a daunting challenge. Threat Intelligence can be expensive and sometimes
nothing more than IoCs or blacklists. In this talk, Endgame’s threat research team will present a series of techniques that can enable organizations to leverage free or almost-free sources of
data and open-source tools to “hunt on the cheap.” They’ll explain how to: retrieve attackers’ tools from globally distributed honeynets that look like your organization or a juicy launching
point to attackers; enrich the data past basic file/tool hashes to identify malicious command and control IPs/domains through automated binary analysis using open-source sandboxes and tools; and use passive DNS data to identify active infections and enrich existing data sets. Attendees will learn how to apply these three techniques to hunt for adversaries within their own
networks. They will also learn about the various open-source solutions available, such as graph databases, that make these techniques inexpensive and within the scope of many organizations.
Anjum Ahuja, Senior Threat Researcher, Endgame
Jamie Butler, Chief Scientist, Endgame
Andrew Morris, Threat Researcher, Endgame
This document discusses principles of wireless and internet security. It covers finding available networks, connecting to them, and encryption/decryption. It also mentions internet banking and general internet security threats like viruses, spyware, hacking and keystroke loggers. The document recommends using an internet security package and strong passwords to defend against most threats.
This presentation was delivered at BSides Augusta in September 2016. The A/V portion is available here: https://www.youtube.com/watch?v=i6p71t9PFWM
Abstract:
"We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission.
This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection.
- What is Hunting?
- How have we done it?
- What have we found, and what should be done about those findings?
- How might you achieve similar outcomes in your own environment?"
Speakers:
- Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club.
- Danny Akacki (@dakacki) was a Lead Analyst with GE Capitals' Applied Intelligence team prior to his employment with Mandiant, and now works for Bank of America's hunt team. He is a pragmatic optimist and believes we are probably screwed, but hopes we aren't. Danny enjoys finding evil on the weekends.
- Stephen Hinck (@stephenhinck) is a Senior Security Analyst at Oracle, Inc. Stephen stumbled into the information security world years ago and has since only managed to dig his way deeper to the rabbit hole. With a background in security operations, incident response and threat hunting, Stephen's experience is multi-faceted. Although he enjoys many things, he absolutely hates writing silly bios like this one.
Information security is not about reacting to attacks. Information security is about analyzing patterns and predicting potential threats by expanding the defense perimeter beyond the traditional borders.
Current trends in information security by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ BAINIDA
This document discusses information security as an academic field focused on developing professionals who can analyze organizational risks, plan security strategies, create security policies, and respond to threats to support organizational missions. It notes that those studying this field gain expertise in both security technologies and security management. The document then lists relevant courses and outlines the key components of the security management process: plan, protect, and respond.
2023 NCIT: Introduction to Intrusion DetectionAPNIC
APNIC Senior Security Specialist Adli Wahid presents an Introduction to Intrusion Detection at the 2023 NCIT, held in Suva, Fiji from 17 to 18 August 2023.
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
This document summarizes a presentation given by Dr. Engin Kirda on reacting to advanced cyberattacks in real-time using Lastline's detection platform. The presentation discusses how malware has become more sophisticated, evasive, and targeted. Lastline takes a unique approach to detection by using full system emulation in their sandbox environment, which allows them to detect malware that evades traditional antivirus solutions and virtualized sandboxes. The Lastline platform components work together to analyze suspicious files, correlate events into high-level incidents, share threat intelligence, and help automatically mitigate breaches across an organization's network in real-time.
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Sean Whalen
Respond proactively to threats like a defense contractor. It’s more realistic than you might think!
A practical guide of how to build intelligence-driven cyber defenses using open source software, based on real implementations of best practices, adapted from the Lockheed Martin Cyber Kill Chain model.
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
Zero Day Malware Detection/Prevention Using Open Source Software – Proof of Concept
Fathi Kamil Mohad Zainuddin
Senior Analyst (Malware Research Centre, MyCERT)
Cambodia CERT Seminar: Incident response for ransomware attacksAPNIC
Senior Security Specialist Adli Wahid presents on incident response for ransomware attacks at the Cambodia CERT Seminar, held online on 13 August 2021.
Security in the age of open source - Myths and misperceptionsTim Mackey
As delivered at Interop ITX 2017.
The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.
FBI & Secret Service- Business Email Compromise WorkshopErnest Staats
Compiled some open source and other tools that I have used for BEC/EAC protection, security, & training. I had a great time sitting on the panel with other members.
This presentation was delivered at SkyDogCon 6 in October 2016. The A/V is available here: https://www.youtube.com/watch?list=PLLEf-wPc7Tyae19iTuzKOXmPj-IQBIWuU&v=mKxGulV2Z74
It is an updated version of the original deck presented at BSides Augusta 2016 - Added original content including information on use cases and added definition/clarity.
This PowerPoint presentation provides an overview of ethical hacking. It discusses the different types of hackers, including white hat, black hat, and gray hat hackers. It also explains what ethical hacking is, why we need it, and the methodology used, which includes reconnaissance, scanning, enumeration, gaining access, maintaining access, and covering tracks. The presentation also outlines some common hacking tools, historical cases of hacking, and skills required of an ethical hacker.
Ethical hacking and cyber security introAbhilash Ak
The document discusses ethical hacking and cybersecurity. It begins with an overview of hacking, different types of hackers (white hat, black hat, gray hat), and why people hack. It then covers ethical hacking methodology in 5 phases (reconnaissance, scanning, gaining access, maintaining access, covering tracks). The document also discusses cybersecurity tools, skills of an ethical hacker like networking protocols and various operating systems, advantages and disadvantages of cybersecurity, and why it is important to protect confidentiality, integrity and availability of data.
This document discusses network architecture and reliability. It describes the basic characteristics of fault tolerance, scalability, quality of service, and security that network architectures need to address. It then discusses fault tolerance in networks through packet switching and redundancy. Scalability in networks is achieved through following standards and protocols. Quality of service is important for real-time media like voice and video. The document also covers network security threats and the goals of confidentiality, integrity, and availability.
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...REVULN
TWCSIRT is a full member of FIRST and mainly focuses on the protection of NARLabs, TANet and TWAREN. We defend against cyber-attacks from the Internet and handle incidents every day according to government policy. I am a research fellow with the National Center for High-performance Computing and lead the cyber security team that operates the security operation center handling incidents in the Taiwan Academic Network.
In our government research project, we deployed the biggest honeynet in Taiwan and used over 6000 IP addresses to detect malicious network attacks coming from the Internet.
We have published our malware knowledge base to share malware samples and reports with many researchers, students and research centers, and to share our data set for deep tracking of cyber security.
There are many new types of cyber-attack, including ransomware, website mining, DDoS and hybrid malicious attacks.
Main Points:
- What TWCSIRT's mission and scope are
- How to coordinate at the national level with ISACs, CERTs and SOCs
- Cyber-attacks and threat hunting in the Taiwan Academic Network
- How to develop a cyber security platform for incident handling
- How to do red team and blue team training with CDX
ASEAN-JAPAN Cyber Security Seminar: How to fill your team gaps with trainingAPNIC
APNIC Senior Security Specialist Adli Wahid presents on identifying skill gaps and how to meet them at the ASEAN-JAPAN Cyber Security Seminar, held online on 11 August 2021.
Cybersecurity: Malware & Protecting Your Business From CyberthreatsSecureDocs
http://www.securedocs.com -The recent increase in high-profile cyberattacks has made online security a hot topic, and rightfully so. Companies from The New York Times to Facebook have fallen victim to attacks by cybercriminals, highlighting just how vulnerable any business is. In the past few years, malware has evolved dramatically and is a serious threat to all organizations, both big and small.
This presentation covers what advanced malware is and the impact it can have on an organization. Learn how to protect your business from this type of threat.
Top 6 Sources for Identifying Threat Actor TTPsRecorded Future
The document discusses 6 key sources for identifying threat actors' tactics, techniques and procedures (TTPs): 1) Open source intelligence from the deep and dark web, 2) Darknets which are intentionally vulnerable networks, 3) Telemetry data collected internally and by vendors, 4) Scanning and crawling the open web actively, 5) Malware processing by vendors to inform security protocols, and 6) Closed source human intelligence developing online relationships. The takeaway is that organizations should assess their needs to determine the appropriate approach based on size and budget.
The document discusses honey pots, which are computer systems that are intended to attract and monitor hackers. It provides an overview of honey pots, including their historical development, types (production vs research), levels of interaction (low vs high), tools used, and advantages and disadvantages. The document also discusses how honey pots work using intrusion detection systems like Snort, and how honey pots have evolved over time and may continue to develop in the future.
FBI & Secret Service- Business Email Compromise WorkshopErnest Staats
This document provides information on various open source and low-cost security tools and solutions, including test email servers, phishing training modules, phishing frameworks, password checking tools, email alerts, network mapping tools, and more. It also lists free business intelligence software, and resources on avoiding business email compromise scams.
This document provides an overview of information gathering and vulnerability scanning techniques for the CompTIA Pentest+ certification. It discusses the importance of gathering both technical and people information about the target. It covers passive information gathering techniques like searching public databases and active techniques like port scanning and website crawling. The document demonstrates tools for discovering domains, IP addresses, ports, services and technical details through techniques like DNS queries, Nmap scanning, and using search engines and Shodan. It emphasizes using both passive and active approaches to fully map the target environment.
Similar to Honeypots for proactively detecting security incidents (20)
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan, Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC, delivers a keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC, delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane, Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC, presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16 to 22 March 2024.
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC, presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024.
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
2. Let’s Connect
• Adli Wahid
o Senior Internet Security Specialist @ APNIC
o Board Member of Forum of Incident Response and Security Teams (FIRST)
• APNIC
o Regional Internet Registry for the AP region
• FIRST
o Association of CERTs/CSIRTs
o 30th AGM & Conference in 2018 (Kuala Lumpur)
3. Plan
1. Honeypots & Honeynets
2. Using Honeypots Inside Enterprise
3. Honeytokens
4. Main Points
5. Honeypots in a Nutshell
• Resources deployed to be attacked & compromised
• Emulate services, systems or hosts
• Interaction with adversaries
• Easy to deploy & integrate with existing security controls
6. Benefits
• Differentiate noise & suspicious / malicious traffic
• Information can be collected about attacks and/or adversaries
o IP addresses / Domains
o Files / Hashes / Malware Samples
o TTPs
• CERTs / CSIRTs
o Understand context about attacks
o Research and Development
17. Honeytokens
A honeytoken is data or a computing resource that exists for the purpose of alerting you when someone accesses it.
18. Scenario
• Adversary _already_ inside your infrastructure or near a valuable target
• Multiple Forms:
o Usernames / Passwords
o URL / Links
o Files
o Web Pages
o Etc
• Adversary uses / opens tokens and announces their presence
21. Scan to get Server Information
https://www.canarytokens.org
22. Implementation
• Canarytokens
o Canarytokens.org by Thinkst
o Open source (on GitHub)
o https://github.com/thinkst/canarytokens
• Dcept by Secureworks
o Open source
o Active Directory
o https://github.com/secureworks/dcept
o Commercial Solutions are available
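The honeytoken scenario above (a planted credential and a planted link that no legitimate user ever touches, so any use is a true positive) as a small, added example; this is not code from the deck, Canarytokens or Dcept, and the sshd and web access log lines, hostnames and IP addresses in it are constructed samples.

```python
"""Honeytoken registry and log matcher (added example; not code from the deck,
Canarytokens or Dcept). The log lines and IP addresses are constructed."""
import re
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Honeytoken:
    kind: str       # "credential" or "url"
    value: str      # planted value: a fake username or a unique URL path
    placed_at: str  # where the defender planted it; becomes alert context

class HoneytokenRegistry:
    # sshd-style auth log: "Failed password for [invalid user ]<user> from <ip>"
    _AUTH = re.compile(r"(Failed|Accepted) \w+ for (?:invalid user )?(\S+) from (\S+)")
    # Combined web access log: '<ip> - - [ts] "GET <path> HTTP/1.1" <status> ...'
    _WEB = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/\S+" (\d{3})')

    def __init__(self) -> None:
        self._tokens: dict[str, Honeytoken] = {}

    def plant_credential(self, username: str, placed_at: str) -> Honeytoken:
        # A fake account no legitimate process ever uses: one login attempt
        # with it is a true positive, whether or not the password was right.
        self._tokens[username] = tok = Honeytoken("credential", username, placed_at)
        return tok

    def plant_url(self, placed_at: str) -> Honeytoken:
        # Unguessable path: only someone who read the planted document or page
        # can request it, so a single hit (even a 404) is enough to alert.
        path = f"/share/q-{secrets.token_hex(8)}.docx"
        self._tokens[path] = tok = Honeytoken("url", path, placed_at)
        return tok

    def check_line(self, line: str):
        # Match one auth-log or access-log line against the planted tokens.
        if m := self._AUTH.search(line):
            value, ip, outcome = m.group(2), m.group(3), m.group(1).lower()
        elif m := self._WEB.search(line):
            value, ip, outcome = m.group(2), m.group(1), "http " + m.group(3)
        else:
            return None
        if (tok := self._tokens.get(value)) is None:
            return None
        return {"kind": tok.kind, "token": tok.value, "source_ip": ip,
                "placed_at": tok.placed_at, "outcome": outcome}

    def scan(self, lines: list[str]) -> list[dict]:
        return [a for ln in lines if (a := self.check_line(ln))]

def demo() -> list[dict]:
    """Plant two tokens, then run constructed log lines through the matcher."""
    reg = HoneytokenRegistry()
    cred = reg.plant_credential("svc_backup_ro", "creds.txt on the FS01 share")
    url = reg.plant_url("'salaries-2018.docx' link on the intranet wiki")
    lines = [  # one ordinary login (ignored) and two token uses from 10.0.5.23
        "Jun  1 10:14:02 fs01 sshd[2211]: Accepted publickey for alice from 10.0.2.14 port 50211 ssh2",
        f"Jun  1 10:16:40 fs01 sshd[2290]: Failed password for invalid user {cred.value} from 10.0.5.23 port 51234 ssh2",
        f'10.0.5.23 - - [01/Jun/2018:10:17:12 +0000] "GET {url.value} HTTP/1.1" 404 0',
    ]
    return reg.scan(lines)
```

Each alert carries the planting location, so the responder knows which share or page the adversary must already have read; that context is what turns a single log line into a confirmed intrusion.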
23. Conclusion
1. Consider honeypots to increase the chance of detecting adversaries or attacks
2. Check out the Honeynet Project website for more information
o Annual Conference in Canberra in November
o Community Information sharing
3. Security Response Community
o https://www.first.org
4. General Cyber Security
o https://academy.apnic.net
Step 1: Reconnaissance. The attacker gathers information on the target before the actual attack starts. He can do it by looking for publicly available information on the Internet.
Step 2: Weaponization. The attacker uses an exploit and creates a malicious payload to send to the victim. This step happens at the attacker side, without contact with the victim.
Step 3: Delivery. The attacker sends the malicious payload to the victim by email or other means, which represents one of many intrusion methods the attacker can use.
Step 4: Exploitation. The actual execution of the exploit, which is, again, relevant only when the attacker uses an exploit.
Step 5: Installation. Installing malware on the infected computer is relevant only if the attacker used malware as part of the attack. Even when malware is involved, the installation is a single point in time within a much more elaborate attack process that takes months to carry out.
Step 6: Command and control. The attacker creates a command and control channel in order to continue to operate his internal assets remotely. This step is relatively generic and relevant throughout the attack, not only when malware is installed.
Step 7: Action on objectives. The attacker performs the steps to achieve his actual goals inside the victim’s network. This is the elaborate active attack process that takes months and thousands of small steps to achieve.