Design of Indonesia Malware Attack Monitoring Center - Charles Lim

•

0 likes•866 views

This document summarizes Charles Lim's presentation on the design of a malware attack monitoring system for Indonesia. It proposes a distributed honeynet sensor system with sensors placed around Indonesia to monitor actual malware attacks. The data would be sent to a National Monitoring Center to analyze malware threats. Setting up a monitoring system could help Indonesia gain knowledge of malware behaviors and better protect its networks.

Technology Business

Design of Indonesia Malware Attack
g
Monitorin Center
ng

7th Ma 2012
ay
Indonesia Security Conference 2012
y
Markassar Indonesia
r,

Charles Lim, Msc., ECSA ECSP, ECIH, CEH, CEI
A,
Indonesia Honeynet Project Chapter Lead

AGEN
NDA

Problem Statement
Honeynet – capturin autonomous
ng
spreading malware
Distributed Honeynet Sensors
System Architecture
e
National Monitoring Center
g
Conclusion and Rec
commendation

2

Problem S
Statement
IDSIRTII has experime t d with h
h i ented ith honeypot
t
using nepenthes and ddionaea

Swiss German Univers sity, independently, has
also experimented hon neypot using nepenthes
and dionaea for at leas 2 years
st

No existing grand des
sign to place sensors
around Indonesia and monitor actual malware
attacks around Indone
esia

3

Hone
eynet
Honeynet is a collectio of honeypots
on

“Is a decoy that is use to lured malware or
ed
attacker (hacker).”
(hacker) ”

“It is a computer that h
have no production
value, so if it is compr
romised or destroyed
should not affect the aactivities of the
companies.”
p

4

Honeypot Based on Interaction
d

Two kinds of honeypo :
ot

Low Interaction Honeypo
ot

High Interaction Honeyp
pot

5

Low Interactio Honeypot
on

Do not implements actual service
Disguise as a real s
system
Good for finding known attack and
g
expected behavior
Usually automated
Lower cost needed
Example : Nepenthe Amun, Dionaea
es,

6

High Interaction Honeypot

It is a “real” system usually with
m
different configuration than the real
g
system.
Riskier than Low-Interacti it d e to
Lo Interactivity due
“Allow all” configur
ration
Difficult to maintain and manually
n
configure
Higher cost needed
Example : Physical HIH, Virtual HIH

7

Table of Co
omparison

Low-inte
eraction High-interaction

Degree of interaction Lo
ow High

Real operating system No
N Yes

Risk Lo
ow High

Knowledge gain Connectio
on/Request Everything

Can be conquered No
N Yes

Maintenance time Lo
ow High

8

Distributed Hon
neynet Sensors

Indonesia Honeynet
Malwar Repository
re

13

National Monitoring Center
Design for National Mo
onitoring Center for
Malware Attack proposal is work in progress

KEMKOMINFO has committed to the work and
the first pilot will invol about 10 nodes
lve
within this year in diffeerent cities in Indonesia

National Conference
1st Academy CERT on Malware Research
http://www.sgu.ac.id/aca
ademy cert meeting
ademy-cert-meeting
2nd Academy CSIRT on Malware Lab Setup
n
http://www.slideshare.net/ h l li /
htt // lid h et/charles.lim/workshop-on-
k h
setting-up-malware-lab
3rd A d
d Academy CSIRT on M l
n Malware Reporting
R ti
To be held on 30th May t 2nd June 2012,
to
http://csirt.itmaranatha.o
org/event/201205/

International Conference
SecureAsia 2011, Jaka
arta, Indonesia
http://www.informationse
ecurityasia.com/2011/confere
nce/agenda.html
FIRST 2012 Conferenc Bali, Indonesia
ce,
http://event.idsirtii.or.id/w
wp-
content/uploads/2011/10 0/FIRST-TC-PROGRAMS-
LATEST-UPDATE1.pdf

The report focuses on three things that stood out in the second half of 2012: botnets (with special reference to ZeroAcess), exploits (particularly against the Java development platform) and banking trojans (Zeus). Also discussed are multi-platform attack in which a coordinated attack campaign is launched against both desktop and mobile platforms, state of today's web concerning malware hosting and malvertising, and an update on the mobile threat scene.

IRJET- Intrusion Detection using Raspberry Pi Honeypot (Snort) for Network Se...

IRJET Journal

1. The document discusses using a Raspberry Pi honeypot with the intrusion detection system Snort to improve network security. 2. A Raspberry Pi-based honeypot is proposed that would use existing tools like Snort and Dionaea to detect attacks, log data on attacker behavior, and strengthen network security in a simple and cost-effective way. 3. The proposed system would use a client-server architecture with the Raspberry Pi honeypot deployed on the network as a separate device to collect data and send it to a central server running Snort and other honeypot software.

Turning tl mr 3020 into automate wireless attacker

idsecconf

Studi dan Implementasi Keamanan User Privacy menggunakan CP-ABE

idsecconf

Mobile Malware defense and possibly Anti-forensics

idsecconf

The document discusses techniques for mobile malware defense and anti-forensics. It describes how mobile malware is used to disrupt devices and steal sensitive information. It then outlines several techniques that could be used to introduce "noise" into the data being exfiltrated by malware to frustrate malware actors and digital forensics analysts, such as flooding email/SMS with fake messages, hooking into system logs to flush or modify entries, and mining existing device metadata to build more convincing fake records. The goal is to assume the device is compromised and make the exfiltrated data less reliable and useful to those spying on the device.

Ctf online idsecconf2012 walkthrough

idsecconf

Laron aplikasi akuisisi berbasis sni 27037 2014 pada ponsel android

idsecconf

Micro control idsecconf2010

idsecconf

This document discusses security issues with microcontrollers (uCs). uCs are commonly used in devices like cars, medical implants, and infrastructure systems. The Atmel AVR8 uC architecture is examined in depth. Issues discussed include weak randomness for crypto, race conditions due to lack of concurrency controls, buffer overflows enabled by the Harvard architecture separating code and data, and attacks involving NULL pointers, uninitialized memory, and dereferencing memory beyond physical limits. Exploiting these issues could allow taking control of uC firmware to potentially manipulate connected devices and systems.

1. The document discusses common attacks on local area networks (LANs), including spoofing, man-in-the-middle attacks, sniffing, TCP/IP session hijacking, remote code execution, and denial-of-service attacks. 2. It describes how each attack works and provides examples of how it could be carried out on a LAN. Specific techniques mentioned include ARP cache poisoning, IP spoofing, DHCP spoofing, switch port stealing, and buffer overflows. 3. The document recommends defenses against these attacks such as using switches instead of hubs, static ARP entries, port security, VLAN segmentation, encryption, firewalls, patching, and monitoring tools. Regular auditing and updating systems is

Doan P. Sinaga, Alex F. Manihuruk, Kevin G.A.T. Pardosi - Securing SCADA Syst...

idsecconf

Dokumen ini membahas penggunaan algoritma enkripsi RC-4 dan metode autentikasi berbasis hash untuk mengamankan sistem SCADA. RC-4 digunakan untuk mengenkripsi komunikasi antara HMI dan kontroler SCADA, sementara metode HMAC digunakan untuk memverifikasi otorisasi pesan sebelum diteruskan ke kontroler. Implementasi mekanisme ini dapat meningkatkan keamanan sistem SCADA dengan melindungi data dari pembacaan dan modifik

Hollywood style decryption

idsecconf

This document discusses how padding oracle attacks can be used to decrypt ciphertext encrypted with CBC mode without knowing the encryption key. It provides examples of how an attacker can decrypt ciphertext one byte at a time by leveraging a padding oracle that reveals whether decrypted padding is valid or invalid. It emphasizes that encryption alone does not provide integrity or authentication, and that an authenticated encryption mode should be used instead of encryption without a MAC to prevent attacks.

Secure Data Center on Cloud Environment, Case Study on GamaBox Cloud Infrastr...

idsecconf

Atmosphere: Secure Messaging for interception protection - Girindro Pringgo D...

idsecconf

GirindroPringgoDigdo presented at the Indonesia Security Conference on developing a secure messaging application called Atmosphere. The presentation covered information security fundamentals like confidentiality, integrity and availability. It noted that text messages are not securely transmitted and can be intercepted. Atmosphere aims to protect sensitive data sent across borders using end-to-end encryption so that messages can only be read by users with the application and not by those intercepting communications. Prototype screenshots of Atmosphere were shared and a demo was provided. The goal is to increase protection against interception and tapping of messages.

Various way of protecting your cloud server port - Abdullah

idsecconf

IPv6 Fundamentals & Securities

Don Anto

- IPv6 is needed to address the impending exhaustion of IPv4 address space. It features a 128-bit address compared to 32-bit in IPv4, vastly expanding the available addresses. - Security issues in transitioning from IPv4 to IPv6 include weaknesses in enumeration, scanning and managing the large IPv6 address space. Firewalls and other perimeter defenses must also protect both IPv4 and IPv6 networks to prevent bypass. - Attacks can exploit protocols like neighbor discovery in IPv6, as well as vulnerabilities in applications that operate over both IPv4 and IPv6. Proper implementation and maintenance of defenses is needed to secure the transition.

Mobile security-an-introduction - za

idsecconf

Distributed Cracking

Don Anto

BGP Vulnerability

Don Anto

This document discusses vulnerabilities in internet core routing protocols, specifically Border Gateway Protocol (BGP). It describes how BGP routing updates can be manipulated through techniques like TCP spoofing, route hijacking, and man-in-the-middle attacks. The document provides examples of how an attacker could use route maps and AS path prepending to hijack traffic by advertising a more specific network prefix. It recommends network design, access controls, strong authentication, and encrypted connections as policies to help secure BGP routing.

Linux kernel-rootkit-dev - Wonokaerun

idsecconf

This document contains the slides from a presentation given by WonoKaerun at the Indonesian Security Conference 2011 in Palembang. The presentation introduces rootkits and techniques for hiding malware at the kernel level on Linux systems. It covers topics like loadable kernel modules, interrupt descriptor table hooking, virtual file system hacking, page fault handler hijacking, debugging register abuse, and kernel instrumentation patching. The goal is to evade detection by security solutions by gaining control of the kernel before anti-rootkit defenses can activate. Throughout, the document emphasizes the cat-and-mouse nature of offensive and defensive security research.

Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...

idsecconf

Riko Rahmada - Sertifikat dan Tanda Tangan Digital Indonesia

idsecconf

Danang Jaya, Query Adika Rezylana - Steganografi DCT dengan Memanfaatkan Apli...

idsecconf

This document discusses using instant messaging applications to hide secret messages through steganography. It describes how steganography works by hiding messages in cover media like images. The author implemented a simple DCT-based steganography algorithm to hide an image message in a cover image and send it using WhatsApp, Facebook Messenger, and Telegram. The results showed the hidden message was successfully retrieved with little change to the cover image file size.

Network & Computer Forensic

Don Anto

Code review and security audit in private cloud - Arief Karfianto

idsecconf

This document discusses implementing code review and security in a private cloud environment. It outlines some common problems that occur during app development like bugs, errors, and lack of version control. The document then proposes hosting source code in a private cloud repository for improved security, availability, and compliance. It describes using tools like Git, Gitweb and VPN access to implement a flexible source code management system in the cloud with role-based access control and snapshot capabilities.

Web & Wireless Hacking

Don Anto

This document discusses web and wireless hacking techniques. It covers SQL injection, file inclusion, cross-site scripting (XSS), war driving to find wireless networks, and exploiting wireless networks. Specific hacking methods are demonstrated for SQL injection, file inclusion, XSS attacks, and cracking WEP encryption on wireless networks. Tools mentioned include Kismet, Aircrack-ng, AirSnort, and Wireshark for finding wireless networks and cracking WEP.

Pendekatan secure by design pada cluster resource allocation untuk pusat data

idsecconf

Honeypot ppt1

samrat saurabh

Honeypots are systems designed to be probed, attacked, or compromised by cyber attackers. They serve several purposes including detecting attacks, learning how attackers operate, and providing network security. There are two main types - research honeypots which capture extensive information but are complex to deploy, and production honeypots which are easier to use but capture limited data. Honeypots can be low or high interaction, with high interaction honeypots providing more realistic and detailed insights but posing greater risks if compromised.

Honeypots

Gaurav Gupta

Viewers also liked

Turning tl mr 3020 into automate wireless attacker

idsecconf

Analisa kejahatan menggunakan jaringan gsm

idsecconf

Spying The Wire

Don Anto

Doan P. Sinaga, Alex F. Manihuruk, Kevin G.A.T. Pardosi - Securing SCADA Syst...

idsecconf

Hollywood style decryption

idsecconf

Secure Data Center on Cloud Environment, Case Study on GamaBox Cloud Infrastr...

idsecconf

Atmosphere: Secure Messaging for interception protection - Girindro Pringgo D...

idsecconf

Various way of protecting your cloud server port - Abdullah

idsecconf

IPv6 Fundamentals & Securities

Don Anto

Mobile security-an-introduction - za

idsecconf

Distributed Cracking

Don Anto

BGP Vulnerability

Don Anto

Linux kernel-rootkit-dev - Wonokaerun

idsecconf

Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...

idsecconf

Riko Rahmada - Sertifikat dan Tanda Tangan Digital Indonesia

idsecconf

Danang Jaya, Query Adika Rezylana - Steganografi DCT dengan Memanfaatkan Apli...

idsecconf

Network & Computer Forensic

Don Anto

Code review and security audit in private cloud - Arief Karfianto

idsecconf

Web & Wireless Hacking

Don Anto

Pendekatan secure by design pada cluster resource allocation untuk pusat data

idsecconf

Viewers also liked (20)

Turning tl mr 3020 into automate wireless attacker

Analisa kejahatan menggunakan jaringan gsm

Spying The Wire

Doan P. Sinaga, Alex F. Manihuruk, Kevin G.A.T. Pardosi - Securing SCADA Syst...

Hollywood style decryption

Secure Data Center on Cloud Environment, Case Study on GamaBox Cloud Infrastr...

Atmosphere: Secure Messaging for interception protection - Girindro Pringgo D...

Various way of protecting your cloud server port - Abdullah

IPv6 Fundamentals & Securities

Mobile security-an-introduction - za

Distributed Cracking

BGP Vulnerability

Linux kernel-rootkit-dev - Wonokaerun

Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...

Riko Rahmada - Sertifikat dan Tanda Tangan Digital Indonesia

Danang Jaya, Query Adika Rezylana - Steganografi DCT dengan Memanfaatkan Apli...

Network & Computer Forensic

Code review and security audit in private cloud - Arief Karfianto

Web & Wireless Hacking

Pendekatan secure by design pada cluster resource allocation untuk pusat data

Similar to Design of Indonesia Malware Attack Monitoring Center - Charles Lim

Honeypot ppt1

samrat saurabh

Honeypots

Gaurav Gupta

Honeypot

Shashwat Shriparv

Honeypots are systems designed to detect attacks by simulating vulnerable systems and monitoring interactions. There are three main types - low-interaction honeypots like Honeyd that simulate services, and high-interaction Gen I and Gen II Honeynets that provide whole system emulations. Honeypots provide prevention by wasting attackers' time, detection of attacks, and research opportunities to understand attack techniques. While they add complexity, honeypots also help with incident response and protecting real systems from learned attacks. Future work may include easier administration, closer integration with other security tools, and more targeted uses.

Introduction to Honeypots

Emil Tan

Teensy Programming for Everyone

Nikhil Mittal

HoneyPots.pptx

AshishSutar11

This document discusses honeypots, which are decoy computer systems used to gather intelligence about cybercriminals. Honeypots mimic real systems to attract and monitor hackers. They can be implemented physically or virtually, and with varying levels of interaction. Low-interaction honeypots limit activities, while high-interaction honeypots provide more complete services to capture more information but require more maintenance. A honeynet is a network of interconnected high-interaction honeypots. Honeypots benefit security by distracting attackers, providing visibility of attacks, and helping to test incident response capabilities. The document recommends frameworks follow ISO 27043 standards and incorporate various honeypot types to detect incidents and collect digital evidence in a cost-effective

Honeypots.ppt1800363876

Momita Sharma

This document provides an overview of honeypots and the Honeynet Project. Honeypots are fake computer systems designed to attract and monitor hackers. They allow researchers to gather data on hacking techniques without endangering real systems. The document discusses low and high interaction honeypots, virtual versus physical honeypots, and how honeypots are used to collect information on attackers. It also provides an overview of the Honeynet Project, which uses entire networks of high interaction honeypots to obtain in-depth data on hacker tactics and tools.

Honey pots

Alok Singh

The document discusses honey pots, which are computer systems that are intended to attract and monitor hackers. It provides an overview of honey pots, including their historical development, types (production vs research), levels of interaction (low vs high), tools used, and advantages and disadvantages. The document also discusses how honey pots work using intrusion detection systems like Snort, and how honey pots have evolved over time and may continue to develop in the future.

Honeypots

Bilal ZIANE

This document provides definitions and explanations of honeypots and honeynets. It begins by defining a honeypot as a resource that pretends to be a real target in order to gather information about attacks without putting real systems at risk. There are different types of honeypots including research/production honeypots and low/high interaction honeypots. Honeynets are networks of multiple honeypot systems that allow for containment of attackers and capture of all activity. Virtual honeynets deploy entire honeynet architectures virtually on single systems. The document outlines advantages like flexibility and minimal resources, and disadvantages like narrow field of view and risk of fingerprinting.

Workshop on Setting up Malware Lab

Charles Lim

The document discusses setting up a malware lab at the Swiss German University. It provides background on the university's malware research goals of obtaining malware samples, analyzing samples using static and dynamic analysis, and classifying local malware using data mining techniques. It then describes the university's malware lab setup, including the isolated network, hardware specifications, and tools used for analysis. Finally, it discusses using honeypots to capture malware samples and introduces Dionaea as a honeypot option to be demonstrated.

Honeypot 101 (slide share)

Emil Tan

"Honeypot 101" Computing Society, Royal Holloway, University of London March, 2015 Abstract: How many times have you come across the term “honeypot” in your lectures and textbooks, or security talks? How much do you know about them? Is “honeypot” a security tool or concept? In this presentation, I’ll walk you through the basics of honeypots, discuss its applications, and demonstrate some honeypots used by researchers.

Honeypot Methods and Applications

ijtsrd

Day by day the internet is becoming an essential part of everyone’s life. In India from 2015 – 2020, there is an increase in internet users by 400 million users. As technology and innovation are increasing rapidly. Security is a key point to keep things in order. Security and privacy are the biggest concern in the world let it is in any field or domain. There is no big difference in cyber security the security is the biggest concern worrying about attacks which could happen anytime. So, in this paper, we are going to talk about honeypot comprehensively. The aim is to track hacker to analyze and understand hacker attacker behavior to create a secure system which is sustainable and efficient. Anoop V Kanavi | Feon Jaison "Honeypot Methods and Applications" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38045.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/38045/honeypot-methods-and-applications/anoop-v-kanavi

Alexandros Papanikolaou PROmis

Ignite_Athens

Honeypot- An Overview

IRJET Journal

This document provides an overview of honeypots, which are decoy computer systems used to detect attacks. It discusses different types of honeypots classified by interaction level (low, medium, high) and purpose (research, production). Low interaction honeypots have limited interaction, while high interaction honeypots provide a realistic experience for attackers but carry more risk. The document also outlines how honeypots work, describing their ability to lure attackers by emulating real systems and then monitoring their activities. Honeypots provide valuable data for analyzing attack techniques while posing minimal risk to organizations' real networks and systems.

All about Honeypots & Honeynets

Mehdi Poustchi Amin

The document discusses honeypots and honeynets. It defines a honeypot as a decoy system intended to be attacked to gather threat intelligence. Honeynets contain multiple honeypots within a controlled network for monitoring. The document outlines the benefits of deploying honeypots, such as risk mitigation and research. It also discusses techniques for installing and detecting honeypots, and the future of honeypot technologies.

Honeypots

Jyoti Nagargoje

Honeypots are systems designed to capture unauthorized or illicit activity. They come in two main types: low-interaction honeypots emulate services and have limited interaction, while high-interaction honeypots use real systems and applications and can capture more extensive information but have higher risk. Honeyd is an example of a low-interaction honeypot that monitors unused IP space and emulates services like FTP to detect and log unauthorized activity.

Honeypot-A Brief Overview

SILPI ROSAN

Honeypots are information systems designed to detect cyber threats. They emulate vulnerabilities to lure attackers and observe their behavior without authorization. There are two main types: low-interaction honeypots, which emulate services and capture limited data, and high-interaction honeypots, which use real systems and services to gather extensive information but pose higher risks. Honeypots help identify weaknesses, catch attackers, and design more secure networks by compiling logs of unauthorized activity without affecting authorized usage.

Lecture 7

Education

This document discusses honeypots, which are decoy computer systems used to detect attacks. Honeypots have several advantages, including collecting small but high-value data, requiring minimal resources, and working in encrypted or IPv6 environments. Two specific honeypot tools discussed are Honeyd, an open source low-interaction honeypot that can emulate many operating systems and services, and honeynets, which are entire networks of high-interaction honeypots used to capture extensive attacker activity. The document compares several honeypot products and outlines first and second generation honeynet architectures.

Tushar mandal.honeypot

tushar mandal

Combating Advanced Persistent Threats with Flow-based Security Monitoring

Lancope, Inc.

Similar to Design of Indonesia Malware Attack Monitoring Center - Charles Lim (20)

Honeypot ppt1

Honeypots

Honeypot

Introduction to Honeypots

Teensy Programming for Everyone

HoneyPots.pptx

Honeypots.ppt1800363876

Honey pots

Honeypots

Workshop on Setting up Malware Lab

Honeypot 101 (slide share)

Honeypot Methods and Applications

Alexandros Papanikolaou PROmis

Honeypot- An Overview

All about Honeypots & Honeynets

Honeypots

Honeypot-A Brief Overview

Lecture 7

Tushar mandal.honeypot

Combating Advanced Persistent Threats with Flow-based Security Monitoring

More from idsecconf

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf

Cloud Managed Router merupakan hasil dari kombinasi antara perangkat router konvensional dengan teknologi cloud management, yang dikembangkan agar memudahkan pengguna untuk dapat mengatur perangkat router dari jarak jauh. Namun tentu saja dengan penerapan yang kurang tepat, maka hal ini bisa dimanfaatkan oleh orang yang tidak bertanggung jawab, bahkan dapat beresiko akses perangkat router diambil alih. Pada topik ini saya akan sedikit menceritakan bagaimana resiko tersebut bisa terjadi.

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf

This document provides an agenda and details for a presentation by Neil Armstrong on leveraging infrastructure as code (IaC) for stealthy red team operations. The presentation will cover background on IaC and red team operations, goals and challenges of the project, designs for segmented network, command and control (C2), phishing, and security information and event management (SIEM) infrastructure, implementation and results, and conclusions. The project aims to create reliable, flexible, and stealthy red team infrastructure using IaC to streamline deployments and allow repeatable, disposable operations.

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf

Dalam dunia keamanan siber, sinergi antara berbagai proses memiliki peran yang sangat penting. Salah satu proses atau framework yang tengah menjadi sorotan dan menarik perhatian luas adalah Detection Engineering. Proses Detection Engineering ini bertujuan untuk meningkatkan struktur dan pengorganisasian dalam pembuatan detection use case atau rules di Security Operation Center (SOC). Detection Engineering bisa dikatakan masih baru dalam dunia keamanan siber, sehingga terdapat banyak peluang untuk membuat keseluruhan prosesnya menjadi lebih baik. Salah satu hal yang masih terlupakan adalah integrasi antara proses Detection Engineering dan Threat Modeling. Biasanya, Threat Modeling lebih berfokus pada solusi pencegahan dan mitigasi resiko secara langsung dan melupakanan komponen deteksi ketika pencegahan dan mitigasi tersebut gagal dalam menjalankan fungsinya. Dalam makalah ini, kami memperkenalkan paradigma baru dengan mengintegrasikan Detection Engineering ke dalam proses Threat Modeling. Pendekatan ini menjadikan Detection sebagai langkah proaktif tambahan, yang dapat menjadi lapisan pertahanan ekstra ketika kontrol pencegahan dan mitigasi akhirnya gagal dalam menghadapi ancaman sesungguhnya.

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf

Smart doorbell atau bel pintar telah menjadi populer dalam sistem keamanan rumah pintar. Namun, banyak dari perangkat ini masih menggunakan protokol yang tidak aman untuk berkomunikasi, protokol yang rentan terhadap serangan keamanan seperti jamming, sniffing dan replay attack. Penelitian ini bertujuan untuk menganalisis kelemahan penggunaan protokol komunikasi pada smart doorbell, serta menginvestigasi potensi pemanfaatan Software Defined Radio (SDR) dan modul arduino dalam mengamati komunikasi gelombang elektronik pada frekuensi 433 MHz. Selain itu penelitian ini ditujukan untuk mengidentifikasi potensi risiko yang dihadapi oleh pengguna pengkat IoT, serta memberikan pandangan tentang perlindungan yang lebih baik.

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf

Modern organizations are facing the severe challenge of effectively countering threats and mitigating Indicators of Compromise (IOCs) within their network environments. The increasing complexity and volume of cyber threats has highlighted the urgency of building robust mechanisms to block specific IOCs independently. While some organizations have adopted Endpoint Detection and Response (EDR) systems, these solutions often have limitations and require manual processes to collect and examine IOCs from multiple sources. These operational barriers prevent organizations from achieving a proactive and efficient defense posture, an obstacle that is particularly important due to the critical role that IOC blocking plays in containing the spread of threats and limiting potential damage. Hence, the need for a solution that orchestrates automated IOC blocking, utilizing tools such as AlienVault Open Threat Exchange (OTX), VirusTotal, CrowdStrike, and Slack. In this presentation, we examine the importance of automated IOC blocking and its potential to strengthen network security, while highlighting the critical role that these tools play in mitigating evolving cyber threats.

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

idsecconf

Semakin berkembangnya teknologi di aplikasi Desktop terdapat celah keamanan yang dapat menyebabkan dampak langsung atau tidak langsung pada kerahasiaan, Integritas Data yang di bangun menggunakan Framework dari Electron khusus nya aplikasi Desktop di Sistem Operasi MAC. Dalam materi yang di persentasikan akan membahas celah keamanan Security Misconfiguration,RCE,Code Injection, Bypass File Quarantine dan juga bagaiman cara intercept Aplikasi Electron Desktop di system operasi macOS

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

idsecconf

This document discusses how to infiltrate an AWS cloud environment through publicly exposed services like Elastic Container Registry (ECR), Systems Manager (SSM) documents, Elastic Block Store (EBS) snapshots, Relational Database Service (RDS) snapshots, and Amazon Machine Images (AMI). It outlines attack flows showing how an attacker could access credentials, source code, personal information and other sensitive data from these publicly shared resources. The document recommends mitigation steps like encrypting shared resources, frequent credential rotation, using least privilege access, inventorying all resources, and proper Identity and Access Management (IAM) configuration.

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

idsecconf

Near Field Communication (NFC) saat ini adalah teknologi yang umumnya di gunakan untuk media pembayaran serta akses kontrol untuk keamanan ruangan dan gedung. Tidak terbatas untuk hal itu saja, teknologi NFC juga kerap di implementasikan untuk perangkat IoT. Beberapa perangkat menggunakan NFC tag untuk menyimpan informasi guna sinkronisasi dengan perangkat smartphone. Penggunaan teknologi NFC awalnya dianggap aman karna mengharuskan alat baca dengan tag berada dalam poisisi yang sangat dekat. Sehingga dianggap sulit untuk melakukan penyadapan informasinya. Seiring waktu banyak penilitian mengungkapkan bahwa komunikasi ISO 1443-3 ini bisa di intip dan di terjemahkan ke dalam bentuk perintah serta respon aslinya. Proxmark3 adalah salah satu alat yang dikembangkan untuk keperluan tersebut. Namun ada kondisi dimana perangkat proxmark tidak dapat di fungsikan maksimal lantaran berkurangnya sensititifitas pembaca dan tag ketika ada objek berada diantara keduanya. Di paper ini saya ingin menyajikan hasil penelitian saya tentang penggunaan Dynamic Instrumentation Frida untuk memantau penggunaan modul java nfc dalam platform Android dan menggunakannya untuk melakukan lockpicking pada gembok pintar berbasis NFC.

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

idsecconf

This paper is a documentation of proposed security management for Electronic Health Records which includes security planning and policy, security program, risk management, and protection mechanism. Planning and policy are developed to provide a basic principle of security management at a hospital. The security program in this document includes Risk-Adaptable Access Control (RAdAC) and the implementation of security education, training and awareness (SETA). Regarding risk management, we perform risk identification, inventory of assets, information assets classification, and information assets value assessment, threat identification, and vulnerability assessment. For protection mechanism, we propose biometrics and signature as the authentication methods. The use of firewalls, intrusion detection system and encrypted data transmission is also suggested for securing data, application and network.

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

idsecconf

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

idsecconf

Evaluasi privasi pengguna pada aplikasi Android menemukan bahwa: (1) sebagian besar aplikasi mengumpulkan data pribadi pengguna seperti lokasi, kontak, dan aktivitas; (2) data tersebut dapat dibagikan ke pihak ketiga dan tidak mudah dihapus; (3) hanya beberapa aplikasi yang memiliki petugas perlindungan data yang tersedia. Analisis ini menunjukkan pentingnya perlindungan privasi pengguna yang lebih

Utian Ayuba - Profiling The Cloud Crime.pdf

idsecconf

Cloud criminals are motivated by curiosity, recognition, thrill-seeking, and more. They exhibit aggressive and rude behaviors online due to reduced social cues and anonymity. Common traits include narcissism, neuroticism, and social awkwardness. While organizations cannot control criminal motivations and traits, they can minimize opportunities by strengthening security with talent, budgets, technologies, and diligence.

Proactive cyber defence through adversary emulation for improving your securi...

idsecconf

Organization using Adversary Emulation plan to develop an attack emulation and/or simulation and execute it against enterprise infrastructure. These activities leverage real-world attacks and TTPs by Threat Actor, so you can identify and finding the gaps in your defense before the real adversary attacking your infrastructure. Adversary Emulation also help security team to get more visibility into their environment. Performing Adversary Emulation continuously to strengthen and improve your defense over the time.

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

idsecconf

Pentesting react native application for fun and profit - Abdullah

idsecconf

React Native merupakan framework untuk membuat aplikasi native menggunakan Javascript. Aplikasi dibundling menjadi satu file .bundle yang berisi seluruh logika aplikasi. Hal ini menjadikan aplikasi rentan terhadap manipulasi kode. Beberapa celah keamanan yang mungkin ada meliputi manipulasi endpoint API, mengeksploitasi fitur Firebase, menemukan kredensial akun, atau penyimpanan data secara tidak aman.

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

idsecconf

Pandemi covid-19 melonjak pada gelombang ke-2 di. Untuk mengantisipasi itu pemerintah membagikan oximeter ke puskesmas. Oximeter yang ada dipasaran mengharuskan tenaga kesehatan untuk kontak langsung dengan pasien. Dengan menggunakan Hacked Oxymeter ini dapat mengurangi intensitas bertemu dengan pasien dan mengurangi resiko terpapar covid-19. Secara metodologi, hacking oximeter ini membaca output komunikasi serial pada alat oximeter untuk kemudian diolah oleh mikrokontroler dan dikirim ke MQTT broker untuk diteruskan ke klien yang membutuhkan. Alat ini digunakan oleh pasien yang sedang isoman di hotel, fasilitas Kesehatan atau rumah sakit darurat/lapangan

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

idsecconf

Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

idsecconf

Proses DevSecOps saat ini banyak digunakan dikalangan industri yang membutuhkan kecepatan baik dalam pengembangan maupun implementasi. Setiap tahapan pada pipeline DevSecOps merupakan tahapan yang harus diperhatikan dan masuk kedalam pantauan SOC (Security Operation Center). Untuk itu diperlukan kemampuan SOC untuk bisa memantau setiap pipeline DevSecOps sehingga dapat memberikan gambaran kondisi keamanan pada organisasi

More from idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Utian Ayuba - Profiling The Cloud Crime.pdf

Proactive cyber defence through adversary emulation for improving your securi...

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Pentesting react native application for fun and profit - Abdullah

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Recently uploaded

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Mind map of terminologies used in context of Generative AI

Kumud Singh

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Recently uploaded (20)

How to Get CNIC Information System with Paksim Ga.pptx

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Mind map of terminologies used in context of Generative AI

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

Communications Mining Series - Zero to Hero - Session 1

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Securing your Kubernetes cluster_ a step-by-step guide to success !

DevOps and Testing slides at DASA Connect

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Monitoring Java Application Security with JDK Tools and JFR Events

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Large Language Model (LLM) and it’s Geospatial Applications

Video Streaming: Then, Now, and in the Future

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Generative AI Deep Dive: Advancing from Proof of Concept to Production

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Design of Indonesia Malware Attack Monitoring Center - Charles Lim

1. Design of Indonesia Malware Attack g Monitorin Center ng 7th Ma 2012 ay Indonesia Security Conference 2012 y Markassar Indonesia r, Charles Lim, Msc., ECSA ECSP, ECIH, CEH, CEI A, Indonesia Honeynet Project Chapter Lead

2. AGEN NDA Problem Statement Honeynet – capturin autonomous ng spreading malware Distributed Honeynet Sensors System Architecture e National Monitoring Center g Conclusion and Rec commendation 2

3. Problem S Statement IDSIRTII has experime t d with h h i ented ith honeypot t using nepenthes and ddionaea Swiss German Univers sity, independently, has also experimented hon neypot using nepenthes and dionaea for at leas 2 years st No existing grand des sign to place sensors around Indonesia and monitor actual malware attacks around Indone esia 3

4. Hone eynet Honeynet is a collectio of honeypots on “Is a decoy that is use to lured malware or ed attacker (hacker).” (hacker) ” “It is a computer that h have no production value, so if it is compr romised or destroyed should not affect the aactivities of the companies.” p 4

5. Honeypot Based on Interaction d Two kinds of honeypo : ot Low Interaction Honeypo ot High Interaction Honeyp pot 5

6. Low Interactio Honeypot on Do not implements actual service Disguise as a real s system Good for finding known attack and g expected behavior Usually automated Lower cost needed Example : Nepenthe Amun, Dionaea es, 6

7. High Interaction Honeypot It is a “real” system usually with m different configuration than the real g system. Riskier than Low-Interacti it d e to Lo Interactivity due “Allow all” configur ration Difficult to maintain and manually n configure Higher cost needed Example : Physical HIH, Virtual HIH 7

8. Table of Co omparison Low-inte eraction High-interaction Degree of interaction Lo ow High Real operating system No N Yes Risk Lo ow High Knowledge gain Connectio on/Request Everything Can be conquered No N Yes Maintenance time Lo ow High 8

9. SGU Honeynet Project y 9

10. SGU Honeynet Report y 10

11. SGU Honeynet Report y 11

12. SGU Honeynet Report y 12

13. Distributed Hon neynet Sensors Indonesia Honeynet Malwar Repository re 13

14. System Ar rchitecture In Progress

15. National Monitoring Center Design for National Mo onitoring Center for Malware Attack proposal is work in progress KEMKOMINFO has committed to the work and the first pilot will invol about 10 nodes lve within this year in diffeerent cities in Indonesia

16. National Conference 1st Academy CERT on Malware Research http://www.sgu.ac.id/aca ademy cert meeting ademy-cert-meeting 2nd Academy CSIRT on Malware Lab Setup n http://www.slideshare.net/ h l li / htt // lid h et/charles.lim/workshop-on- k h setting-up-malware-lab 3rd A d d Academy CSIRT on M l n Malware Reporting R ti To be held on 30th May t 2nd June 2012, to http://csirt.itmaranatha.o org/event/201205/

17. International Conference SecureAsia 2011, Jaka arta, Indonesia http://www.informationse ecurityasia.com/2011/confere nce/agenda.html FIRST 2012 Conferenc Bali, Indonesia ce, http://event.idsirtii.or.id/w wp- content/uploads/2011/10 0/FIRST-TC-PROGRAMS- LATEST-UPDATE1.pdf

18. Thank You Th k Y

19. Questions t 19

Design of Indonesia Malware Attack Monitoring Center - Charles Lim

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to Design of Indonesia Malware Attack Monitoring Center - Charles Lim

Similar to Design of Indonesia Malware Attack Monitoring Center - Charles Lim (20)

More from idsecconf

More from idsecconf (20)

Recently uploaded

Recently uploaded (20)

Design of Indonesia Malware Attack Monitoring Center - Charles Lim