Lambda Forensics & Incident Response.pdf
•
0 likes•9 views
This talk will focus on the use of AWS Lambda for incident response and forensics. AWS Lambda is a serverless computing service that allows developers to run code without the need for traditional infrastructure. However, this serverless approach can make it challenging to conduct investigations and respond to incidents. In this talk, we will discuss the tools and techniques available for collecting and analyzing data in Lambda environments. We will also cover how to use AWS CloudTrail and AWS Config for real-time threat detection and response. Additionally, we will discuss best practices for securing Lambda functions and preventing incidents from occurring in the first place. Attendees will come away with a solid understanding of how to use Lambda for incident response and forensics and be better equipped to handle security incidents in serverless environments.
Report
Share
Report
Share
Download to read offline
Recommended
Five Reasons Why You Need Cloud Investigation & Response Automation
With more than 60% of corporate data currently stored in the cloud, cloud computing has influenced a true renaissance in how we manage and deliver applications and services. The appeal of migrating to the cloud is clear – greater speed, agility, flexibility, cost savings, and more. However, digital transformation also poses new security challenges -- especially when it comes to forensics and incident response.
This white paper covers five reasons why you need Cloud Investigation and Response Automation to ensure your organization is equipped to efficiently understand and respond to cloud threats.
Developers are there, attackers are there, you need to be there too!
Cloud experts are hard to find
Risk escalates at cloud speed
Multi-cloud is on the rise
Ephemeral means data
disappears in the blink of an eye
Azure Incident Response Cheat Sheet.pdf
This document provides an overview of tools and best practices for incident response in an Azure environment. It summarizes key Azure Active Directory commands for identifying and deactivating compromised user accounts. It also outlines how to identify legacy authentication methods, applications using AD authentication, and snapshots that can be used for forensics. Additional sections cover extracting logs from Azure, restricting administrative access, requiring multi-factor authentication, and enabling logging.
AWS Incident Response Cheat Sheet.pdf
With the rapid migration to the cloud,
it’s becoming increasingly difficult to keep track
of all of the different data sources, commands,
and tools available from each Cloud Service
Provider (CSP). This cheat sheet was designed
to provide security professionals with an overview
of key best practices, data sources and tools that
they can have at their disposal when responding
to an incident in an AWS environment.
A New Perspective on Resource-Level Cloud Forensics
AWS classifies cloud incidents across three domains: Service, Infrastructure and Application. There has been much previous discussion across the Service and Application domains, see for example the excellent SANS DFIR 2022 Keynote. This talk will focus on the unique challenges and opportunities of responding to incidents in the Infrastructure domain. Cloud Service Providers, such as AWS, GCP and Azure, often introduce artifacts of forensic value when developing features for automation and monitoring of resources. Typically, these artifacts are undocumented and exist purely for the provider's own troubleshooting, but they also provide valuable insight to an investigator analyzing malicious activity on a system. Frequently, this insight surpasses that of “provider-supported” forensic data sources. Most of the discourse around performing forensics in the cloud focuses on provider-level logging. While this is undoubtedly useful, practitioners understand that resource-level forensic analysis is crucial when responding to incidents affecting cloud infrastructure. And much of this knowledge remains opaque and undocumented. In this presentation, Chris Doman, CTO of Cado Security will present novel research of undocumented forensic artifacts from cloud service provider specific operating systems and tools. He will provide the audience with an overview of forensic techniques across cloud compute and serverless environments. He will also discuss native operating system artifacts, contrast them with their cloud equivalents and consider their usefulness in the context of the cloud. Attendees can expect to gain a unique perspective on resource-level cloud forensics and should leave the talk with a host of new data sources and knowledge for performing forensic analysis of cloud resources.
Cloud Forensics Tools
This document lists several cloud forensics tools including Cloud Forensics Utils from Google which is an open source toolkit for analyzing cloud services, Prowler which is an open source tool for security assessment of AWS environments, varc which is a tool from Cado Security for analyzing AWS VPC flow logs, and ThreatResponse which is a cloud-based platform for investigating security incidents and automating response. It also mentions Cado Response which is a commercial platform from Cado Security and an automated forensics orchestrator for Amazon EC2 from AWS.
Cloud Forensics and Incident Response Training.pdf
The document provides an overview of a free training program from Cado Security that covers cloud forensics and incident response fundamentals for AWS, Azure, and GCP, including topics such as digital forensics principles, investigative models, incident response planning, gathering an incident response team, running investigations, and containment and remediation. It also promotes Cado Security's incident response platform for investigating incidents at cloud speed.
AWS Guard Duty Forensics & Incident Response.pdf
"AWS Guard Duty Forensics & Incident Response" provides an overview of the AWS Guard Duty service and its forensic capabilities. AWS Guard Duty is a managed threat detection service that continuously monitors the AWS environment for potential malicious activity. The talk focuses on how Guard Duty can be used for incident response by providing detailed forensic data that can be used to investigate security incidents.
EKS Forensics & Incident Response.pdf
"EKS Forensics & Incident Response" will explore the critical role of Elastic Kubernetes Service (EKS) in incident response and forensic investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to have a well-defined incident response plan in place to mitigate risks effectively.
The speaker will then delve into the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The focus will be on how EKS can be leveraged to perform forensics investigations during the identification phase, with an emphasis on the tools and techniques available for gathering data and analyzing events.
The talk will also cover the unique challenges associated with conducting forensic investigations in a containerized environment and the strategies for overcoming these challenges. Attendees will learn how EKS can facilitate forensic investigations in containerized environments by providing rich telemetry data, monitoring tools, and analysis capabilities.
Finally, the presentation will emphasize the importance of communication and collaboration between security teams and other stakeholders in the organization during an incident. Attendees will leave with a deeper understanding of how EKS can play a vital role in incident response and forensics investigations, and practical strategies for improving their organization's security posture.
Recommended
Five Reasons Why You Need Cloud Investigation & Response Automation
With more than 60% of corporate data currently stored in the cloud, cloud computing has influenced a true renaissance in how we manage and deliver applications and services. The appeal of migrating to the cloud is clear – greater speed, agility, flexibility, cost savings, and more. However, digital transformation also poses new security challenges -- especially when it comes to forensics and incident response.
This white paper covers five reasons why you need Cloud Investigation and Response Automation to ensure your organization is equipped to efficiently understand and respond to cloud threats.
Developers are there, attackers are there, you need to be there too!
Cloud experts are hard to find
Risk escalates at cloud speed
Multi-cloud is on the rise
Ephemeral means data
disappears in the blink of an eye
Azure Incident Response Cheat Sheet.pdf
This document provides an overview of tools and best practices for incident response in an Azure environment. It summarizes key Azure Active Directory commands for identifying and deactivating compromised user accounts. It also outlines how to identify legacy authentication methods, applications using AD authentication, and snapshots that can be used for forensics. Additional sections cover extracting logs from Azure, restricting administrative access, requiring multi-factor authentication, and enabling logging.
AWS Incident Response Cheat Sheet.pdf
With the rapid migration to the cloud,
it’s becoming increasingly difficult to keep track
of all of the different data sources, commands,
and tools available from each Cloud Service
Provider (CSP). This cheat sheet was designed
to provide security professionals with an overview
of key best practices, data sources and tools that
they can have at their disposal when responding
to an incident in an AWS environment.
A New Perspective on Resource-Level Cloud Forensics
AWS classifies cloud incidents across three domains: Service, Infrastructure and Application. There has been much previous discussion across the Service and Application domains, see for example the excellent SANS DFIR 2022 Keynote. This talk will focus on the unique challenges and opportunities of responding to incidents in the Infrastructure domain. Cloud Service Providers, such as AWS, GCP and Azure, often introduce artifacts of forensic value when developing features for automation and monitoring of resources. Typically, these artifacts are undocumented and exist purely for the provider's own troubleshooting, but they also provide valuable insight to an investigator analyzing malicious activity on a system. Frequently, this insight surpasses that of “provider-supported” forensic data sources. Most of the discourse around performing forensics in the cloud focuses on provider-level logging. While this is undoubtedly useful, practitioners understand that resource-level forensic analysis is crucial when responding to incidents affecting cloud infrastructure. And much of this knowledge remains opaque and undocumented. In this presentation, Chris Doman, CTO of Cado Security will present novel research of undocumented forensic artifacts from cloud service provider specific operating systems and tools. He will provide the audience with an overview of forensic techniques across cloud compute and serverless environments. He will also discuss native operating system artifacts, contrast them with their cloud equivalents and consider their usefulness in the context of the cloud. Attendees can expect to gain a unique perspective on resource-level cloud forensics and should leave the talk with a host of new data sources and knowledge for performing forensic analysis of cloud resources.
Cloud Forensics Tools
This document lists several cloud forensics tools including Cloud Forensics Utils from Google which is an open source toolkit for analyzing cloud services, Prowler which is an open source tool for security assessment of AWS environments, varc which is a tool from Cado Security for analyzing AWS VPC flow logs, and ThreatResponse which is a cloud-based platform for investigating security incidents and automating response. It also mentions Cado Response which is a commercial platform from Cado Security and an automated forensics orchestrator for Amazon EC2 from AWS.
Cloud Forensics and Incident Response Training.pdf
The document provides an overview of a free training program from Cado Security that covers cloud forensics and incident response fundamentals for AWS, Azure, and GCP, including topics such as digital forensics principles, investigative models, incident response planning, gathering an incident response team, running investigations, and containment and remediation. It also promotes Cado Security's incident response platform for investigating incidents at cloud speed.
AWS Guard Duty Forensics & Incident Response.pdf
"AWS Guard Duty Forensics & Incident Response" provides an overview of the AWS Guard Duty service and its forensic capabilities. AWS Guard Duty is a managed threat detection service that continuously monitors the AWS environment for potential malicious activity. The talk focuses on how Guard Duty can be used for incident response by providing detailed forensic data that can be used to investigate security incidents.
EKS Forensics & Incident Response.pdf
"EKS Forensics & Incident Response" will explore the critical role of Elastic Kubernetes Service (EKS) in incident response and forensic investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to have a well-defined incident response plan in place to mitigate risks effectively.
The speaker will then delve into the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The focus will be on how EKS can be leveraged to perform forensics investigations during the identification phase, with an emphasis on the tools and techniques available for gathering data and analyzing events.
The talk will also cover the unique challenges associated with conducting forensic investigations in a containerized environment and the strategies for overcoming these challenges. Attendees will learn how EKS can facilitate forensic investigations in containerized environments by providing rich telemetry data, monitoring tools, and analysis capabilities.
Finally, the presentation will emphasize the importance of communication and collaboration between security teams and other stakeholders in the organization during an incident. Attendees will leave with a deeper understanding of how EKS can play a vital role in incident response and forensics investigations, and practical strategies for improving their organization's security posture.
AWS IAM Forensics & Incident Response
In today's cloud-based infrastructure, AWS IAM (Identity and Access Management) is one of the most critical components for ensuring security. However, despite the many safeguards in place, IAM-related incidents can occur, ranging from simple misconfigurations to full-blown attacks. In this talk, we will discuss how to perform forensics and incident response for AWS IAM. We will cover the tools and techniques necessary to investigate and identify root causes of IAM incidents. We will also discuss how to mitigate and remediate incidents, as well as how to implement proactive measures to prevent future incidents. By the end of this talk, attendees will have a better understanding of how to effectively handle AWS IAM-related incidents and ensure the security of their AWS environments.
AWS Forensics & Incident Response
Participants will learn how to:
Understand AWS security features and best practices
Conduct forensics investigations in AWS environments
Identify and collect relevant data for investigations
Analyze AWS logs to identify indicators of compromise
Respond to security incidents in AWS
Case Studies Denonia - Lambda DFIR.pdf
This talk covers an example of DFIR / responding to an attack in AWS Lambda. It focuses on the malware Denonia.
Cloud Security Fundamentals for Forensics and Incident Response.pdf
As organizations continue to adopt cloud-based infrastructures, the need for effective cloud security measures has become increasingly important. In this talk, we will discuss the fundamentals of cloud security as it pertains to forensics and incident response. We will cover topics such as cloud service models, shared responsibility models, and the various security controls available within cloud environments. We will also discuss common cloud security incidents and how to perform effective incident response and forensics in the cloud. Attendees will leave with a better understanding of how to secure their cloud environments and effectively respond to incidents when they occur.
AWS Detective Forensics & Incident Response.pdf
The AWS Detective Forensics & Incident Response talk will focus on the benefits of using AWS Detective for forensic analysis and incident response. The talk will provide an overview of AWS Detective and its capabilities, including how it can help investigate security incidents and provide visual representations of the investigation results. The talk will also cover key considerations and best practices for implementing effective incident response processes using AWS Detective, such as setting up AWS Detective and integrating it with other AWS services. Additionally, the talk will delve into the importance of forensic analysis in identifying the root cause of security incidents and how AWS Detective can help perform effective forensic investigations. The talk will also include examples of how AWS Detective has been used to detect and remediate security incidents in real-world scenarios, and best practices for using AWS Detective to improve overall security posture.
Google Cloud Forensics & Incident Response
Google Cloud Platform (GCP) provides a variety of services that enable businesses to manage their computing resources in the cloud. However, as with any cloud platform, incidents and cyberattacks can occur, which can compromise the security and privacy of data.
In this talk, we will discuss the process of conducting forensics and incident response investigations on the GCP. We will begin by providing an overview of the GCP security model and the tools available for monitoring and managing security incidents.
We will then dive into the different types of incidents that can occur on the GCP, such as data breaches, unauthorized access, and malware infections. We will cover how to identify these incidents and gather the necessary information for forensic investigation.
Next, we will discuss the forensic investigation process for the GCP. We will cover topics such as evidence collection and preservation, analysis of logs and network traffic, and identification of the root cause of the incident.
Finally, we will discuss best practices for incident response on the GCP, including how to contain and mitigate the impact of an incident, and how to communicate the incident to stakeholders.
GKE Forensics & Incident Response.pdf
This document discusses Google Kubernetes Engine (GKE) forensics and incident response. It provides a link to the GKE documentation on cluster architecture and mentions Cado Security's incident response platform, which offers a free 14-day trial to access unlimited use of their response tools.
AWS SSM Forensics and Incident Response
The document discusses AWS SSM forensics and incident response. It provides three links about AWS SSM logging - one detailing what logging is available in the AWS SSM console, another describing what SSM logs are stored on disk, and a third promoting a 14-day free trial of the Cado Response Platform for incident investigation.
Kubernetes Docker Forensics & Incident Response.pdf
The talk "Kubernetes and Docker Forensics & Incident Response" will focus on the Digital Forensics and Incident Response (DFIR) investigation of containerized environments using Kubernetes and Docker. With the increasing adoption of containerization technologies, it is crucial for organizations to have a robust security strategy in place to handle security incidents.
This talk will cover the key concepts of containerization technologies such as Docker and Kubernetes, and their security implications. We will discuss the forensic techniques and methodologies that can be used to identify the root cause of security incidents in these environments, including container forensics, network traffic analysis, and memory forensics.
The talk will also provide insights into the challenges and limitations of conducting a DFIR investigation in a containerized environment, such as the ephemeral nature of containers and the need for specialized tooling.
Attendees will learn about the best practices for implementing logging and monitoring in Docker and Kubernetes environments, as well as the importance of having a well-defined incident response plan for containerized environments.
Overall, this talk will provide valuable insights into the DFIR investigation of containerized environments using Kubernetes and Docker, and how organizations can better prepare themselves to respond to security incidents in these environments.
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
The talk "Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR" goes into the incident response investigation into a container cryptomining worm attack perpetrated by the hacking group TeamTNT. The presentation will focus on the use of AWS and container technology in the attack and how these tools were leveraged in the investigation. Attendees will learn about the tools and techniques used to identify and contain the attack, as well as lessons learned from the incident response. The presentation will cover the importance of monitoring container environments for security threats and implementing best practices for AWS security. Additionally the talk will highlight the use of machine learning and automation in the incident response process. By the end of the presentation, attendees will gain a better understanding of the challenges and opportunities of conducting DFIR investigations in cloud environments and with container technology.
EC2 Forensics & Incident Response.pdf
"EC2 Forensics & Incident Response" will focus on the crucial role of Elastic Compute Cloud (EC2) in incident response and forensics investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to have a robust incident response plan in place to effectively mitigate security risks.
The speaker will then outline the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The talk will emphasize how EC2 can be leveraged to perform forensics investigations during the identification phase, with a focus on the tools and techniques available for collecting data and analyzing events.
The presentation will also cover the unique challenges associated with conducting forensic investigations in the EC2 environment and the strategies for overcoming these challenges. Attendees will learn how to use EC2 monitoring and analysis tools to collect and preserve evidence during investigations.
ECS Forensics & Incident Response
"ECS Forensics & Incident Response" will focus on the importance of implementing an effective incident response plan and the role of ECS (Elastic Container Service) in conducting forensic investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to prepare for security incidents proactively. The speaker will then outline the various phases of incident response, including preparation, identification, containment, eradication, and recovery.
The talk will also cover how ECS can be leveraged to perform forensics investigations during the identification phase, with a focus on the various tools and techniques that can be used to gather data and analyze events. The speaker will discuss the challenges associated with conducting forensic investigations in a containerized environment and provide best practices for overcoming these challenges.
Finally, the presentation will highlight the importance of collaboration between security teams and other stakeholders within the organization, emphasizing the need for communication and coordination during an incident. Attendees will leave with a deeper understanding of how ECS can play a critical role in incident response and forensics investigations, and with practical tips for improving their organization's security posture.
Azure Forensics & Incident Response
This talk will focus on the use of Microsoft Azure for incident response and forensics. As more organizations move their infrastructure to the cloud, it is important to understand how to effectively respond to security incidents in these environments. We will discuss the tools and techniques available in Azure for collecting and analyzing data during an incident response. We will also cover how to use Azure Security Center and Azure Sentinel for real-time threat detection and response. Additionally, we will cover best practices for securing Azure resources and preventing incidents from occurring in the first place. Attendees will come away with a solid understanding of how to use Azure for incident response and forensics and be better equipped to handle security incidents in the cloud.
Azure Kubernetes Service (AKS) Forensics & Incident Response
"Azure Kubernetes Service (AKS) Forensics & Incident Response" will cover the various aspects of Kubernetes security, the different types of attacks that can occur, and how to conduct a forensics investigation and respond to incidents on Azure Kubernetes Service (AKS). The talk will discuss the best practices for securing AKS, including how to configure network policies, manage access control, and monitor logs for suspicious activity. It will also cover the tools and techniques that can be used for incident response, such as identifying the root cause of an incident, isolating affected nodes, and collecting evidence for forensic analysis. The audience will gain a deeper understanding of Kubernetes security, how to secure AKS, and how to effectively respond to incidents in the event of a security breach.
AWS Log Forensics & Incident Response
"AWS Log Forensics & Incident Response" provides an overview of AWS logging services and their use in forensic investigations of security incidents. The talk begins with an explanation of the importance of logging in detecting and responding to security incidents in AWS environments. The speaker then introduces the different types of logs available in AWS, including CloudTrail, VPC Flow Logs, and AWS Config Logs.
The speaker goes on to explain the different techniques and tools that can be used to analyze logs for incident response, such as log aggregation and correlation, pattern matching, and log visualization. The talk also covers best practices for configuring and managing logging services in AWS to ensure maximum visibility into potential security threats.
The second part of the talk focuses on the practical aspects of using AWS log forensics for incident response. The speaker walks the audience through a hypothetical security incident and demonstrates how different types of logs can be used to identify the root cause of the incident and determine the scope of the compromise. The talk concludes with a discussion of the importance of developing an effective incident response plan that includes logging and log analysis as a key component.
Security Hub Forensics & Incident Response
The Security Hub Forensics & Incident Response talk will focus on the importance of implementing incident response processes and leveraging the AWS Security Hub to detect, investigate, and remediate security incidents in a timely and efficient manner. The talk will provide an overview of the AWS Security Hub and its capabilities, including how it can help centralize and automate the security alerts and findings across multiple AWS accounts and third-party services. The talk will also cover key considerations and best practices for implementing effective incident response processes, such as establishing clear incident response roles and responsibilities, defining a response plan, and conducting post-incident reviews.
Case Studies A Kubernetes DFIR investigation.pdf
The talk "Case Studies A Kubernetes DFIR investigation" will focus on the Digital Forensics and Incident Response (DFIR) investigation of Kubernetes clusters. Kubernetes is a popular container orchestration platform used by many organizations to manage their containerized applications. However, like any other technology, Kubernetes clusters are also prone to security incidents, and therefore, require proper DFIR procedures to be followed in case of a breach.
In this talk, we will discuss the DFIR investigation of three real-world Kubernetes security incidents that we have encountered. We will walk through the forensic techniques and methodologies that were used to identify the root cause of the incidents, including the use of Kubernetes audit logs, network traffic analysis, and memory forensics.
We will also discuss the challenges that were faced during the investigation and the lessons learned from each incident. The audience will learn about the importance of implementing proper logging and monitoring for Kubernetes clusters, as well as the need for a well-defined incident response plan.
Overall, this talk will provide valuable insights into the DFIR investigation of Kubernetes clusters, and how organizations can better prepare themselves to respond to security incidents in their Kubernetes environments.
GCP Compute Engine Forensics & Incident Response
The GCP Compute Engine is a powerful platform for hosting and managing virtual machines, but like any system, it is not immune to incidents and cyberattacks. In this talk, we will explore how to conduct forensics and incident response investigations on the GCP Compute Engine.
We will begin by discussing the basics of the GCP Compute Engine, including its architecture and security features. We will then cover the various types of incidents that can occur on the Compute Engine, such as malware infections, data breaches, and unauthorized access.
Next, we will delve into the forensic process for investigating incidents on the Compute Engine. We will cover topics such as collecting and preserving evidence, analyzing logs and network traffic, and identifying the root cause of the incident.
Finally, we will discuss best practices for incident response on the Compute Engine, including how to contain and mitigate the impact of an incident, and how to report and communicate the incident to stakeholders.
Digital Forensics & Incident Response Automation in the Cloud
The talk "Digital Forensics & Incident Response Automation in the Cloud" will focus on the benefits and challenges of automating Digital Forensics and Incident Response (DFIR) in cloud environments. As more organizations move their workloads to the cloud, there is a growing need for automation to handle security incidents at scale.
This talk will cover the key concepts of cloud environments, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). We will discuss the benefits of automating DFIR in the cloud, including increased efficiency, faster incident response times, and reduced manual errors.
We will also discuss the challenges of automating DFIR in the cloud, including the need for specialized tooling, the complexity of cloud environments, and the security implications of automated workflows.
Digital Forensics & Incident Response Fundamentals.pdf
Digital forensics and incident response (DFIR) are crucial areas in the field of cybersecurity, involving the identification, analysis, and response to security incidents. In this talk, we talk about the fundamentals of DFIR, including the key concepts and techniques used to investigate and respond to cyber attacks. We will explore the various phases of incident response, from initial detection/ triage to postincident analysis and remediation. We will also discuss the importance of preserving and analyzing digital evidence, as well as the legal and ethical considerations involved in conducting DFIR investigations. Whether you are a seasoned cybersecurity professional or just starting out in the field thetalk will provide valuable insights into the fundamentals of digital forensics and incident response.
Epistemic Interaction - tuning interfaces to provide information for AI support
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
More Related Content
More from Christopher Doman
AWS IAM Forensics & Incident Response
In today's cloud-based infrastructure, AWS IAM (Identity and Access Management) is one of the most critical components for ensuring security. However, despite the many safeguards in place, IAM-related incidents can occur, ranging from simple misconfigurations to full-blown attacks. In this talk, we will discuss how to perform forensics and incident response for AWS IAM. We will cover the tools and techniques necessary to investigate and identify root causes of IAM incidents. We will also discuss how to mitigate and remediate incidents, as well as how to implement proactive measures to prevent future incidents. By the end of this talk, attendees will have a better understanding of how to effectively handle AWS IAM-related incidents and ensure the security of their AWS environments.
AWS Forensics & Incident Response
Participants will learn how to:
Understand AWS security features and best practices
Conduct forensics investigations in AWS environments
Identify and collect relevant data for investigations
Analyze AWS logs to identify indicators of compromise
Respond to security incidents in AWS
Case Studies Denonia - Lambda DFIR.pdf
This talk covers an example of DFIR / responding to an attack in AWS Lambda. It focuses on the malware Denonia.
Cloud Security Fundamentals for Forensics and Incident Response.pdf
As organizations continue to adopt cloud-based infrastructures, the need for effective cloud security measures has become increasingly important. In this talk, we will discuss the fundamentals of cloud security as it pertains to forensics and incident response. We will cover topics such as cloud service models, shared responsibility models, and the various security controls available within cloud environments. We will also discuss common cloud security incidents and how to perform effective incident response and forensics in the cloud. Attendees will leave with a better understanding of how to secure their cloud environments and effectively respond to incidents when they occur.
AWS Detective Forensics & Incident Response.pdf
The AWS Detective Forensics & Incident Response talk will focus on the benefits of using AWS Detective for forensic analysis and incident response. The talk will provide an overview of AWS Detective and its capabilities, including how it can help investigate security incidents and provide visual representations of the investigation results. The talk will also cover key considerations and best practices for implementing effective incident response processes using AWS Detective, such as setting up AWS Detective and integrating it with other AWS services. Additionally, the talk will delve into the importance of forensic analysis in identifying the root cause of security incidents and how AWS Detective can help perform effective forensic investigations. The talk will also include examples of how AWS Detective has been used to detect and remediate security incidents in real-world scenarios, and best practices for using AWS Detective to improve overall security posture.
Google Cloud Forensics & Incident Response
Google Cloud Platform (GCP) provides a variety of services that enable businesses to manage their computing resources in the cloud. However, as with any cloud platform, incidents and cyberattacks can occur, which can compromise the security and privacy of data.
In this talk, we will discuss the process of conducting forensics and incident response investigations on the GCP. We will begin by providing an overview of the GCP security model and the tools available for monitoring and managing security incidents.
We will then dive into the different types of incidents that can occur on the GCP, such as data breaches, unauthorized access, and malware infections. We will cover how to identify these incidents and gather the necessary information for forensic investigation.
Next, we will discuss the forensic investigation process for the GCP. We will cover topics such as evidence collection and preservation, analysis of logs and network traffic, and identification of the root cause of the incident.
Finally, we will discuss best practices for incident response on the GCP, including how to contain and mitigate the impact of an incident, and how to communicate the incident to stakeholders.
GKE Forensics & Incident Response.pdf
This document discusses Google Kubernetes Engine (GKE) forensics and incident response. It provides a link to the GKE documentation on cluster architecture and mentions Cado Security's incident response platform, which offers a free 14-day trial to access unlimited use of their response tools.
AWS SSM Forensics and Incident Response
The document discusses AWS SSM forensics and incident response. It provides three links about AWS SSM logging - one detailing what logging is available in the AWS SSM console, another describing what SSM logs are stored on disk, and a third promoting a 14-day free trial of the Cado Response Platform for incident investigation.
Kubernetes Docker Forensics & Incident Response.pdf
The talk "Kubernetes and Docker Forensics & Incident Response" will focus on the Digital Forensics and Incident Response (DFIR) investigation of containerized environments using Kubernetes and Docker. With the increasing adoption of containerization technologies, it is crucial for organizations to have a robust security strategy in place to handle security incidents.
This talk will cover the key concepts of containerization technologies such as Docker and Kubernetes, and their security implications. We will discuss the forensic techniques and methodologies that can be used to identify the root cause of security incidents in these environments, including container forensics, network traffic analysis, and memory forensics.
The talk will also provide insights into the challenges and limitations of conducting a DFIR investigation in a containerized environment, such as the ephemeral nature of containers and the need for specialized tooling.
Attendees will learn about the best practices for implementing logging and monitoring in Docker and Kubernetes environments, as well as the importance of having a well-defined incident response plan for containerized environments.
Overall, this talk will provide valuable insights into the DFIR investigation of containerized environments using Kubernetes and Docker, and how organizations can better prepare themselves to respond to security incidents in these environments.
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
The talk "Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR" goes into the incident response investigation into a container cryptomining worm attack perpetrated by the hacking group TeamTNT. The presentation will focus on the use of AWS and container technology in the attack and how these tools were leveraged in the investigation. Attendees will learn about the tools and techniques used to identify and contain the attack, as well as lessons learned from the incident response. The presentation will cover the importance of monitoring container environments for security threats and implementing best practices for AWS security. Additionally the talk will highlight the use of machine learning and automation in the incident response process. By the end of the presentation, attendees will gain a better understanding of the challenges and opportunities of conducting DFIR investigations in cloud environments and with container technology.
EC2 Forensics & Incident Response.pdf
"EC2 Forensics & Incident Response" will focus on the crucial role of Elastic Compute Cloud (EC2) in incident response and forensics investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to have a robust incident response plan in place to effectively mitigate security risks.
The speaker will then outline the various phases of incident response, including preparation, identification, containment, eradication, and recovery. The talk will emphasize how EC2 can be leveraged to perform forensics investigations during the identification phase, with a focus on the tools and techniques available for collecting data and analyzing events.
The presentation will also cover the unique challenges associated with conducting forensic investigations in the EC2 environment and the strategies for overcoming these challenges. Attendees will learn how to use EC2 monitoring and analysis tools to collect and preserve evidence during investigations.
ECS Forensics & Incident Response
"ECS Forensics & Incident Response" will focus on the importance of implementing an effective incident response plan and the role of ECS (Elastic Container Service) in conducting forensic investigations. The presentation will begin by discussing the current threat landscape and the need for organizations to prepare for security incidents proactively. The speaker will then outline the various phases of incident response, including preparation, identification, containment, eradication, and recovery.
The talk will also cover how ECS can be leveraged to perform forensics investigations during the identification phase, with a focus on the various tools and techniques that can be used to gather data and analyze events. The speaker will discuss the challenges associated with conducting forensic investigations in a containerized environment and provide best practices for overcoming these challenges.
Finally, the presentation will highlight the importance of collaboration between security teams and other stakeholders within the organization, emphasizing the need for communication and coordination during an incident. Attendees will leave with a deeper understanding of how ECS can play a critical role in incident response and forensics investigations, and with practical tips for improving their organization's security posture.
Azure Forensics & Incident Response
This talk will focus on the use of Microsoft Azure for incident response and forensics. As more organizations move their infrastructure to the cloud, it is important to understand how to effectively respond to security incidents in these environments. We will discuss the tools and techniques available in Azure for collecting and analyzing data during an incident response. We will also cover how to use Azure Security Center and Azure Sentinel for real-time threat detection and response. Additionally, we will cover best practices for securing Azure resources and preventing incidents from occurring in the first place. Attendees will come away with a solid understanding of how to use Azure for incident response and forensics and be better equipped to handle security incidents in the cloud.
Azure Kubernetes Service (AKS) Forensics & Incident Response
"Azure Kubernetes Service (AKS) Forensics & Incident Response" will cover the various aspects of Kubernetes security, the different types of attacks that can occur, and how to conduct a forensics investigation and respond to incidents on Azure Kubernetes Service (AKS). The talk will discuss the best practices for securing AKS, including how to configure network policies, manage access control, and monitor logs for suspicious activity. It will also cover the tools and techniques that can be used for incident response, such as identifying the root cause of an incident, isolating affected nodes, and collecting evidence for forensic analysis. The audience will gain a deeper understanding of Kubernetes security, how to secure AKS, and how to effectively respond to incidents in the event of a security breach.
AWS Log Forensics & Incident Response
"AWS Log Forensics & Incident Response" provides an overview of AWS logging services and their use in forensic investigations of security incidents. The talk begins with an explanation of the importance of logging in detecting and responding to security incidents in AWS environments. The speaker then introduces the different types of logs available in AWS, including CloudTrail, VPC Flow Logs, and AWS Config Logs.
The speaker goes on to explain the different techniques and tools that can be used to analyze logs for incident response, such as log aggregation and correlation, pattern matching, and log visualization. The talk also covers best practices for configuring and managing logging services in AWS to ensure maximum visibility into potential security threats.
The second part of the talk focuses on the practical aspects of using AWS log forensics for incident response. The speaker walks the audience through a hypothetical security incident and demonstrates how different types of logs can be used to identify the root cause of the incident and determine the scope of the compromise. The talk concludes with a discussion of the importance of developing an effective incident response plan that includes logging and log analysis as a key component.
Security Hub Forensics & Incident Response
The Security Hub Forensics & Incident Response talk will focus on the importance of implementing incident response processes and leveraging the AWS Security Hub to detect, investigate, and remediate security incidents in a timely and efficient manner. The talk will provide an overview of the AWS Security Hub and its capabilities, including how it can help centralize and automate the security alerts and findings across multiple AWS accounts and third-party services. The talk will also cover key considerations and best practices for implementing effective incident response processes, such as establishing clear incident response roles and responsibilities, defining a response plan, and conducting post-incident reviews.
Case Studies A Kubernetes DFIR investigation.pdf
The talk "Case Studies A Kubernetes DFIR investigation" will focus on the Digital Forensics and Incident Response (DFIR) investigation of Kubernetes clusters. Kubernetes is a popular container orchestration platform used by many organizations to manage their containerized applications. However, like any other technology, Kubernetes clusters are also prone to security incidents, and therefore, require proper DFIR procedures to be followed in case of a breach.
In this talk, we will discuss the DFIR investigation of three real-world Kubernetes security incidents that we have encountered. We will walk through the forensic techniques and methodologies that were used to identify the root cause of the incidents, including the use of Kubernetes audit logs, network traffic analysis, and memory forensics.
We will also discuss the challenges that were faced during the investigation and the lessons learned from each incident. The audience will learn about the importance of implementing proper logging and monitoring for Kubernetes clusters, as well as the need for a well-defined incident response plan.
Overall, this talk will provide valuable insights into the DFIR investigation of Kubernetes clusters, and how organizations can better prepare themselves to respond to security incidents in their Kubernetes environments.
GCP Compute Engine Forensics & Incident Response
The GCP Compute Engine is a powerful platform for hosting and managing virtual machines, but like any system, it is not immune to incidents and cyberattacks. In this talk, we will explore how to conduct forensics and incident response investigations on the GCP Compute Engine.
We will begin by discussing the basics of the GCP Compute Engine, including its architecture and security features. We will then cover the various types of incidents that can occur on the Compute Engine, such as malware infections, data breaches, and unauthorized access.
Next, we will delve into the forensic process for investigating incidents on the Compute Engine. We will cover topics such as collecting and preserving evidence, analyzing logs and network traffic, and identifying the root cause of the incident.
Finally, we will discuss best practices for incident response on the Compute Engine, including how to contain and mitigate the impact of an incident, and how to report and communicate the incident to stakeholders.
Digital Forensics & Incident Response Automation in the Cloud
The talk "Digital Forensics & Incident Response Automation in the Cloud" will focus on the benefits and challenges of automating Digital Forensics and Incident Response (DFIR) in cloud environments. As more organizations move their workloads to the cloud, there is a growing need for automation to handle security incidents at scale.
This talk will cover the key concepts of cloud environments, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). We will discuss the benefits of automating DFIR in the cloud, including increased efficiency, faster incident response times, and reduced manual errors.
We will also discuss the challenges of automating DFIR in the cloud, including the need for specialized tooling, the complexity of cloud environments, and the security implications of automated workflows.
Digital Forensics & Incident Response Fundamentals.pdf
Digital forensics and incident response (DFIR) are crucial areas in the field of cybersecurity, involving the identification, analysis, and response to security incidents. In this talk, we talk about the fundamentals of DFIR, including the key concepts and techniques used to investigate and respond to cyber attacks. We will explore the various phases of incident response, from initial detection/ triage to postincident analysis and remediation. We will also discuss the importance of preserving and analyzing digital evidence, as well as the legal and ethical considerations involved in conducting DFIR investigations. Whether you are a seasoned cybersecurity professional or just starting out in the field thetalk will provide valuable insights into the fundamentals of digital forensics and incident response.
More from Christopher Doman (20)
Cloud Security Fundamentals for Forensics and Incident Response.pdf
Cloud Security Fundamentals for Forensics and Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Azure Kubernetes Service (AKS) Forensics & Incident Response
Azure Kubernetes Service (AKS) Forensics & Incident Response
Digital Forensics & Incident Response Automation in the Cloud
Digital Forensics & Incident Response Automation in the Cloud
Digital Forensics & Incident Response Fundamentals.pdf
Digital Forensics & Incident Response Fundamentals.pdf
Recently uploaded
Epistemic Interaction - tuning interfaces to provide information for AI support
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications.
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GridMate - End to end testing is a critical piece to ensure quality and avoid...
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
DevOps and Testing slides at DASA Connect
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Recently uploaded (20)
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Lambda Forensics & Incident Response.pdf
- 1. Lambda Forensics & Incident Response Cado Security | 1
- 2. How do you analyze Lambda in Cado? https://www.cadosecurity.com/aws-lambda-incident-response/
- 4. How do you use Lambda for Incident Response? https://www.cadosecurity.com/automated-analysis-of-critical-cloud-infrastructure-with-ca do-and-aws-lambda/
- 5. What logging is there of Lambda functions? https://docs.aws.amazon.com/lambda/latest/operatorguide/log-structure.html
- 6. What logging is there of Lambda functions? https://docs.aws.amazon.com/lambda/latest/operatorguide/parse-logs.html
- 7. Cado Response Free 14-day trial Receive unlimited access to the Cado Response Platform for 14 days. www.cadosecurity.com/free-investigation/