This document discusses the concepts of swarm intelligence and hive networks in the context of cybersecurity. It provides examples of how botnets have begun to use swarm behaviours by removing centralized command and control servers, which allows them to operate in a more decentralized and autonomous manner. The document also discusses how security strategies need to evolve from static boundary defenses to more agile micro- and macro-segmentation approaches that emulate the hive defense strategies found in nature. Specifically, the integration of security solutions and intelligence sharing is presented as a way to coordinate defenses against advanced persistent threats that use swarm- and hive-like tactics.
With the focus on security, most organisations test their security defenses via pen-testing. But what about after the network has been compromised? Is there an Advanced Persistent Threat (APT) sitting on the network? Will the defenses be able to detect this?
This talk will discuss some of the open source tools that can help simulate this threat, so as to test the security defenses in case an APT makes it onto the network.
APNIC Senior Security Specialist Adli Wahid presented on the APNIC Honeynet Project, interesting observations, mitigation and multistakeholder collaboration at Threat Con 2021, held online from 8 to 11 September 2021.
Automated Malware Analysis and Cyber Security Intelligence – Jason Choi
This presentation is an introduction to Cuckoo Sandbox, an automated malware analysis system, and to using this tool for intelligence, at the Department of Scientific Criminal Investigation at SungKyunKwan University in Korea.
The New Landscape of Airborne Cyberattacks – Priyanka Aash
A virus-like cyberattack spreading over the air may sound far-fetched, but new research proves the airborne attack surface is here. Join the Armis researchers who discovered the viral IoT vulnerability, BlueBorne, as they walk through the airborne threat landscape, its risks and tips for tackling them, and for a live demo of an attack using the BlueBorne vector.
Learning Objectives:
1: Understand the airborne attack vector, its threats and consequences of attacks.
2: Observe a live demo of an airborne attack and review existing exploits.
3: Obtain practical advice for reducing the airborne attack surface.
(Source: RSA Conference USA 2018)
DDoS Attack on DNS using infected IoT Devices – Seungjoo Kim
[Case Study] DDoS Attack on DNS using infected IoT Devices @ ACSAC 2015 (The 31st Annual Computer Security Applications Conference 2015), which is one of the most important cyber security conferences in the world and the oldest information security conference held annually.
I took pictures from here and there by googling without mentioning all sources; please let me know if anyone has any objection. This presentation was presented at IUT CTF G3t R00t.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014 – grecsl
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when it's time to pass the more serious samples on to the big boys. This presentation covers several analysis environment options and the three quick steps that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se, but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ... – grecsl
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when it's time to pass the more serious samples on to the big boys. This presentation covers several analysis environment options and the three quick steps that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se, but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
The Credit Union National Association (CUNA) issued a statement on Friday, April 26th, 2013 that a possible widespread Distributed Denial of Service (DDoS) attack may take place on Tuesday, May 7th, 2013.
Despite the numerous warnings, CUNA has offered little advice on how to manage the situation and mitigate an attack.
Realizing the severity of the situation, RedZone put together 5 practical ways to mitigate a DDoS attack against you, which were presented via GoToWebinar on Wednesday, May 1st, 2013.
The types of attacks we reviewed were:
1. Pure network attack against the credit union
2. Pure network attack against the ISP router
3. Content DDoS
4. DNS DDoS
5. Random Botnet attack
We also answered the following questions:
• What does it mean?
• What are your Zero day protection options?
• What to check on your security products?
• How to enable Global IP protection?
• How do I detect fraud communication in advance?
• What are some vendor product options?
Denial of Service attacks – Definitions, related surveys
Traceback of DDoS Attacks – Proposed method, advantages, future work
Detection methods with Shannon and Renyi cross entropy – Previous works, proposed method, dataset and results
The added value of entropy detection methods
References
The detailed architecture of the most relevant consumer drones will be introduced, continuing with the communications protocol between the pilot (app on the smartphone or remote controller) and the drone. Manual reverse engineering of the binary protocol used for this communication will lead to identifying and understanding all the commands for each of the drones, and later injecting commands back.
Learning Objectives:
1: Understand whether a protocol between drone and pilot is secure.
2: Learn about a new reverse engineering methodology for these protocols.
3: Review a set of good practices to secure the environment surrounding a drone.
(Source: RSA Conference USA 2018)
Cloudslam09: Building a Cloud Computing Analysis System for Intrusion Detection – Wei-Yu Chen
In order to handle the huge amount of anomaly information generated by an Intrusion Detection System (IDS), this paper presents and evaluates a log analysis system for IDS based on Cloud Computing techniques, named IDS Cloud Analysis System (ICAS). To achieve this, two basic components have to be designed. The first is the regular parser, which normalizes the raw log files. The other is the Analysis Procedure, which contains the Data Mapper and the Data Reducer. The Data Mapper is designed to anatomize alert messages, and the Data Reducer aggregates and merges them. As a result, this paper will show that the performance of ICAS is suitable for analyzing and reducing large volumes of alerts.
A database firewall is a useful tool that monitors databases to identify and protect against database-specific attacks, which mostly seek to access sensitive information stored in the databases. However, commercial database firewalls are expensive and need specific product knowledge, while the open source database firewalls are designed for specific open source database servers.
In order to fulfill the need for an inexpensive database firewall, Snort - an open source IDS/IPS - can achieve the goal in some scenarios with familiar rule writing. The paper will explain the limitations of Snort as a database firewall, constraints in commercial database statements, and some example implementations.
Practical procedures for protection against DDoS attacks - The lecture will cover procedures for protecting against DoS/DDoS attacks, from the lowest to the highest layer, from small websites to corporate networks.
www.security-session.cz
An overview of the state of the art of Distributed Denial of Service attacks, delivered at Birmingham City University. To avoid copyright problems, a few slides were removed or heavily edited. The audience was graduate students and academic staff, so expect the academic flavour.
DOS / DDOS introduction
How Easy it is to get information
Real Life Examples: MyDoom, GitHub, Dyn, and Windows Server and Windows 10 servers running Internet Information Services (IIS) being vulnerable to denial of service (DOS) attacks
Base of Attacks
Types of DOS / DDOS
Attack Tools: LOIC, XOIC, Stacheldraht
DOS/DDOS Weaknesses
Categories of DOS/DDOS
What to defend?
Botnets and Botnets mitigations
Michael Calce, a.k.a. MafiaBoy
Point of entrance / OSI Model (if time permits)
RIoT (Raiding Internet of Things) by Jacob Holcomb – Priyanka Aash
The recorded version of the 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform.
The Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their studies, to offer CISOs/security experts the best insights in information security.
To sign up (it's free): www.cisoplatform.com
Creating HAGRAT, a Remote Access Tool (RAT) and the related Command and Control (C2) infrastructure for Penetration Testing exercises that simulate persistent, targeted attacks.
Catch Me If You Can - Finding APTs in your network – DefCamp
Adrian Tudor & Leo Neagu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
This is a presentation I gave to senior high school students. The 1st part is an overview; the 2nd part is more detailed on the ways to perform Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow – Priyanka Aash
Understanding what you own is step one in securing your assets. A simple concept that still escapes the grasp of most, and it’s getting harder in a cloud-enabled world. Despite this struggle there’s a plethora of APIs and publicly available data to give you a jumpstart on identifying high-risk assets. This session will share techniques and tools to gather data and identify unknown risks.
Learning Objectives:
1: Learn about sources and methods to identify public, unknown assets.
2: Gain access to OSS tooling allowing defenders to operationalize the asset inventory process.
3: Learn to apply risk methods using public data attributes to understand quantitative risk.
(Source: RSA Conference USA 2018)
RSA 2018: Recon For the Defender - You know nothing (about your assets) – Jonathan Cran
Ed Bellis and Jonathan Cran of Kenna Security discuss a number of fast-moving, emerging threats to the enterprise and provide insight into ways that organizations can get ahead by adding a recon capability - adding more visibility of their exposure & allowing enough time for patch windows.
Watchtowers of the Internet - Source Boston 2012 – Stephan Chenette
Watchtowers of the Internet: Analysis of Outbound Malware Communication, Stephan Chenette, Principal Security Researcher, (@StephanChenette) & Armin Buescher, Security Researcher
With advanced malware, targeted attacks, and advanced persistent threats, it's not IF but WHEN a persistent attacker will penetrate your network and install malware on your company's network and desktop computers. To get the full picture of the threat landscape created by malware, our malware sandbox lab runs over 30,000 malware samples a day. Network traffic is subsequently analyzed using heuristics and machine learning techniques to statistically score any outbound communication and identify command & control, back-channel, worm-like and other types of traffic used by malware.
Our talk will focus on the setup of the lab, major malware families as well as outlier malware, and the statistics we have generated to give our audience an exposure like never before into the details of malicious outbound communication. We will provide several tips, based on our analysis to help you create a safer and more secure network.
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques.
Armin Buescher is a Security Researcher and Software Engineer experienced in strategic development of detection/prevention technologies and analysis tools. Graduated as Dipl.-Inf. (MSc) with thesis on Client Honeypot systems. Interested in academic research work and published author of security research papers.
This presentation will introduce the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK frameworks. By working through 4 different practical scenarios in a fictional company, https://sensenet-library.com, attendees will learn how they can use those frameworks to measure their security response in today's diverse security threat landscape. We'll go through categorising security controls, responding to a vulnerability report, assessing a threat intel report, and deciding on the future of the company's toolset, so that you will be able to answer the question of whether you should continue investing in a tool or buy a new one.
Various attack techniques will be demonstrated, such as code injection, brute force, backdoors, rootkits, exploits and various other ways of gaining and maintaining unauthorized access to servers; in turn, best practices for avoiding the types of attack mentioned are discussed. (Talk given at the 3rd Free Software Festival in Belo Horizonte - FSLBH)
Protecting Financial Networks from Cyber Crime – Lancope, Inc.
Financial services organizations are prime targets for cyber criminals. They must take extreme care to protect customer data, while also ensuring high levels of network availability to allow for 24/7 access to critical financial information. Additionally, industry consolidation has created large, heterogeneous network environments within large financial institutions, making it difficult to ensure that networks have the necessary visibility and protection to prevent a devastating security breach. By leveraging NetFlow from existing network infrastructure, financial services organizations can achieve comprehensive visibility across even the largest, most complex networks. The ability to quickly detect a wide range of potentially malicious activity helps prevent damaging data breaches and network disruptions. Attend this informational webinar, conducted by Lancope's Director of Security Research, Tom Cross, to learn:
• How NetFlow can help quickly uncover both internal and external threats
• How pervasive network insight can accelerate incident response and forensic investigations
• How to substantially decrease enterprise risks
Digital Personal Data Protection (DPDP) Practical Approach For CISOs – Priyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE & MITRE. Security professionals can better understand which attack vectors are commonly used in attacks, see examples from previous events, and learn where they should focus their controls and security efforts.
Discuss security incidents and business use cases, understanding Web 3 pros and Web 3 cons, prevention mechanisms, and how to make sure that it doesn't happen to you.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore) – Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022", Bangalore
Date - 28 September, 2022. Decision makers from different organizations joined this discussion and spoke on new threats & top CISO priorities.
Cloud Security: Limitations of Cloud Security Groups and Flow Logs – Priyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past, and how, in a world of no perimeters, Cloud Security Groups, the "Cloud Firewalls", fit in. We will practically explore Cloud Security Group limitations across different cloud setups, from a single vNet to multi-cloud.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain how to transform organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, systems need to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to the increasing importance of Ethical Hacking. An ethical hacker's job is to scan for vulnerabilities and to find potential threats on a computer or network. An ethical hacker finds the weaknesses or loopholes in a computer, web application or network and reports them to the organization. It requires a thorough knowledge of networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, attacks etc. In this session, you will learn all about ethical hacking. You will understand what ethical hacking is, cyber-attacks, tools, and see some hands-on demos. This session will also guide you through the various ethical hacking certifications available today.
Accelerate your Kubernetes clusters with Varnish Caching – Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... – DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 – Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality – Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview – Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Transcript: Selling digital books in 2024: Insights from industry leaders - T... – BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
1. SESSION ID: HT-W02
#RSAC
ORDER VS. MAD SCIENCE: ANALYZING BLACK HAT SWARM INTELLIGENCE
Derek Manky
Global Security Strategist, Fortinet, Office of CISO
/in/derekmanky
3. #RSAC
1971: Creeper – The First Computer Virus
§ Experimental self-replicating program
§ Written in 1971 to demonstrate a ‘mobile’ application
§ Infected DEC PDP-10 computers running TENEX OS
§ Just 1 year after Unix ‘Epoch Time’ began
§ ‘Reaper’ worm created in ‘72 to delete it
1 January 1970 00:00:00 GMT → Epoch timestamp 0
4. #RSAC
COMPOUNDED CYBERCRIME
Evolving Attack Capabilities
Threat Landscape
CRIMEWARE PRODUCERS: Source Code; Junior Developers (copy & paste); Senior Developers (Exploits, Packers, Special Platforms, Mobile)
CRIME SERVICES ENABLERS: Quality Assurance; Crypters / Packers; Scanners; Hosting; Infections / Drop Zones; Management; Botnet Rentals; Installs / Spam / SEO / DDoS; Money Mules; Accounts Receivable; Consulting; Affiliates
CRIMINAL ORGANIZATIONS: Sales, Licensing, Maintenance; Partnerships; Affiliate Programs; FakeAV / Ransomware / Botnets
VICTIMS: Bank Accounts; Credentials & Data; Digital Real Estate
5. #RSAC
SPEED KILLS: SWARM BOTNETS
Accelerating the Attack Chain
Hit Me With Your Best Shot – Fire Away
6. #RSAC
Swarm – Individual Survival Using the Group
Starlings flock toward dusk in order to avoid predators… and create a ‘murmuring’
Collective behavior exhibited by entities, particularly animals
Similar size or same species
Aggregate together, usually moving together in some direction
Ants build resiliency through cooperative structures or mass defense / attack strategies
7. #RSAC
Other Biomechanical Examples of Swarm Behavior
Stock trading is often irrational relative to the underlying value of a company due to swarm behavior
Group behavior can be radically different from individual behavior
Humans also Behave in Swarm Fashion
Old saying – a person is smart, a crowd is not
Tend to exhibit swarm behavior depending on situation
Aggregate and size of grouping determines behavior
9. #RSAC
The Accelerated Attack Chain
Automation & Swarm Decrease TTB (Time to Breach)
1 PLANNING
• Research target
• Build or Acquire Tools
• Test tools + detection
2 BREAK-IN
• Deliver remote exploits and malware
• Establish backdoors for commands
3 EXPAND
• Move laterally to increase system access
• Stronger Foothold
4 GATHER
• Identify and collect sensitive data
• Staging Server
5 EXFILTRATION
• Data exfiltration through command and control services to external network
SURVIVE… Or PROFIT?
10. #RSAC
Autosploit – Building Swarms
• Shodan is a search engine that indexes open ports and services
• Attacker queries Shodan
• Attacker uses a list of known exploits to attack known IoT and other systems based on indexed queries given by Shodan
• Attackers then attack IoT or vulnerable systems directly, bypassing perimeter security features and gaining a foothold into internal networks.
11. #RSAC
Autosploit Workflow
Autosploit Interface → Shodan Query → Gather Known Vulnerabilities Indexed by Shodan → Launch and run exploits
1. Attacker launches Autosploit script
2. Autosploit queries Shodan for known exploits
3. Autosploit uses intelligent matching (optional) to match additional exploits to ports and services
4. Autosploit configures metasploit as a “reverse listener” to launch an attack to a victim.
5. Victim connects back to the attacker’s Autosploit, allowing (many times) for the attacker to bypass security measures
12. #RSAC
Problems with Autosploit
Easy to launch
No real skills needed
No discrimination between hosts
Uses dangerous exploits that may crash/destroy systems
Shodan
Shodan uses hive functions by looking for similar systems with similar functions
Categorizes vulnerabilities
Allows users to search for vulnerable systems that are live
14. #RSAC
Botnet Building Blocks
Typical Botnet Components: Attacker (botmaster, herder); C&C Server; Zombies; Victim / target; Communications channels
Attacker → Control Server → Botnet Attack Nodes → Victim
Initiate Attack → Attack Traffic
15. #RSAC
Blackhat Swarms – Removing the C2
Next Generation Botnet 3.0: Swarm
What if Botnets could utilize swarm intelligence?
§ Largely Accelerated Attack Chain
§ Human Out of Loop
§ Strengthened Blackhat Hive
Botnet Attack Nodes → Victim (Attack Traffic)
Satori Botnet example
§ If a camera is hacked or under stress it skips the system if better targets are found (pheromones)
16. #RSAC
Frankenstein Malware
§ Localized swarm behavior – code building blocks from legitimate running processes
§ Semantic Blueprint contains malware goals
§ Malware scans for existing underlying code in memory
§ Malware uses pieces of code from various programs to create new malware
§ Lua gives flexibility, add code
§ Debug in real-time
17. #RSAC
Hajime Precursor
• Intelligent IoT Botnet – Nine Platforms + x86
• TR-069 Exploit (MSSP/Telco Control)
• First detected October 25, 2016
• 30,000+ detections per day (FortiGuard)
18. #RSAC
Hajime Precursor
• Hajime, a multi-platform worm with a decentralized C2 (first known IoT example)
• IoT is the target, basically any platform that runs busybox
• ARMv5-7, MIPS Little endian, Intel x86-64
Once initially infected, the device will randomly probe for other devices. If it finds a telnet port open, it will try to brute-force logins. Once inside, a couple of commands are issued. These commands are used to further identify the environment:
$ enable
$ system
$ shell
$ sh
$ /bin/busybox ECCHI
Once the target architecture is identified, binaries for that platform are downloaded from the attacking host:
# echo -ne "\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00\x01\x00\x00\x00\x54\x00\x01\x00\x34\x00\x00\x00\x44\x01\x00\x00\x00\x02\x00\x05\x34\x00\x20\x00\x01\x00\x28\x00\x04\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00" > .s; /bin/busybox ECCHI
# echo
The purpose of this piece of code, which is basically piped in hexadecimal through the network, dumped to a local file and then executed, is to download stage 2.
The download of stage 2, which is the botnet communication part, begins, using encrypted trackerless torrent (uTP).
# unlink file
After all of this, Hajime deletes itself from the filesystem, leaving a footprint in memory only.
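The stage-1 drop on this slide arrives as an `echo -ne` string of escaped bytes that is written to a file and executed. For a honeypot or telnet-session analyst, the useful defensive step is to decode those bytes and read the ELF header, which identifies the architecture the attacker has decided the device runs on. The following is an added example (it is not from the slides or from any Hajime analysis tool); the session transcript inside it is constructed to follow the command sequence shown on the slide, and the echo payload is the same 64-byte header fragment printed above. The e_machine table, the `.s` target path and the use of `/bin/busybox ECCHI` as a session marker are assumptions for this example.

```python
import re
import struct

# Constructed telnet session transcript (not a real capture) following the
# command sequence on the slide: environment fingerprinting, then an ELF
# header written with `echo -ne` and executed via busybox.
SAMPLE_SESSION = r'''enable
system
shell
sh
/bin/busybox ECCHI
echo -ne "\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00\x01\x00\x00\x00\x54\x00\x01\x00\x34\x00\x00\x00\x44\x01\x00\x00\x00\x02\x00\x05\x34\x00\x20\x00\x01\x00\x28\x00\x04\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00" > .s; /bin/busybox ECCHI
'''

# ELF e_machine values for the architectures named on the slides (assumed table).
ELF_MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64"}

# Busybox applet name the slide shows Hajime probing with; used here only as a
# session marker (assumption: counting it is a useful triage signal).
SESSION_MARKER = "/bin/busybox ECCHI"

# Matches: echo -ne "\xNN\xNN..." > <path>   (path stops at whitespace or ';')
ECHO_RE = re.compile(r'echo\s+-ne\s+"((?:\\x[0-9a-fA-F]{2})+)"\s*>\s*([^\s;]+)')


def decode_echo_payload(line):
    """Return (bytes, target_path) for an `echo -ne "\\x.." > file` line, else None."""
    m = ECHO_RE.search(line)
    if not m:
        return None
    hex_bytes = re.findall(r'\\x([0-9a-fA-F]{2})', m.group(1))
    return bytes(int(h, 16) for h in hex_bytes), m.group(2)


def parse_elf_header(data):
    """Decode the platform-identifying fields of an ELF header.

    Works on a truncated header as long as e_ident and e_machine are present;
    returns None if the data does not start with the ELF magic."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]          # 1 = 32-bit, 1 = little endian
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    info = {
        "class": {1: "ELF32", 2: "ELF64"}.get(ei_class, "unknown"),
        "endian": {1: "little", 2: "big"}.get(ei_data, "unknown"),
        "type": e_type,                            # 2 = ET_EXEC
        "machine": ELF_MACHINES.get(e_machine, hex(e_machine)),
    }
    # e_entry occupies offsets 24..27 in an ELF32 header.
    if ei_class == 1 and len(data) >= 28:
        info["entry"] = struct.unpack(endian + "I", data[24:28])[0]
    return info


def analyse_session(session):
    """Summarise dropper activity seen in a telnet session transcript."""
    droppers = []
    for line in session.splitlines():
        decoded = decode_echo_payload(line)
        if decoded is None:
            continue
        payload, path = decoded
        droppers.append({"path": path, "size": len(payload),
                         "elf": parse_elf_header(payload)})
    return {"marker_count": session.count(SESSION_MARKER), "droppers": droppers}


if __name__ == "__main__":
    print(analyse_session(SAMPLE_SESSION))
```

On the constructed session the decoder reports one dropper written to `.s`, 64 bytes long, with an ELF32 little-endian header whose e_machine is ARM and whose entry point is 0x10054; a fingerprinting script only needs the first 20 bytes of the header to classify the targeted platform, which is why the parser tolerates the truncated fragment.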
19. #RSAC
Hide and Seek
• Second known decentralized P2P IoT botnet
• Swarm characteristics
• Known exploit to spread to TP-Link routers
• Confirmed Capabilities
• AMD x64, ARM
• Brute force attacks
• Target addition to random list
• File retrieval commands through P2P nodes
• Peer request-response model
• ‘i’ request → ‘I’ response
• ‘h’ request → ‘H’ response
• ‘z’ request → ‘O’ response
• ‘~’ request → ‘^’ response
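A request-response model with fixed one-byte opcodes, like the four pairs listed above, is something a network defender can look for in UDP flow data: a reply whose first byte matches the expected response opcode, travelling back from the peer that just received the request. The block below is an added example of that pairing logic (not code from the slides or from any HNS analysis). The request/response pairs come from the slide; the five-second reply window, the requirement of at least two distinct matched opcodes before a host pair is reported, and the UDP datagram sample are assumptions constructed for this example.

```python
from collections import defaultdict

# Single-byte request opcode -> expected response opcode, as listed on the slide.
HNS_PAIRS = {b"i": b"I", b"h": b"H", b"z": b"O", b"~": b"^"}
HNS_RESPONSES = {resp: req for req, resp in HNS_PAIRS.items()}

# Assumed detection parameters (not from the slide): a reply must follow its
# request within RESPONSE_WINDOW seconds, and a host pair is reported only once
# replies for MIN_DISTINCT_OPCODES different request types have been seen, so a
# single accidental letter match (e.g. "hello" / "HTTP/1.1") is not enough.
RESPONSE_WINDOW = 5.0
MIN_DISTINCT_OPCODES = 2

# Constructed UDP datagrams as (timestamp, src, dst, payload); not a real capture.
SAMPLE_TRAFFIC = [
    (0.0, "10.0.0.5", "203.0.113.9", b"i" + b"\x01\x02"),
    (0.3, "203.0.113.9", "10.0.0.5", b"I" + b"\x00" * 8),
    (0.5, "10.0.0.7", "198.51.100.2", b"hello"),          # benign, looks like 'h'
    (0.6, "198.51.100.2", "10.0.0.7", b"HTTP/1.1 200 OK"),  # benign, looks like 'H'
    (1.0, "10.0.0.5", "203.0.113.9", b"h"),
    (1.2, "203.0.113.9", "10.0.0.5", b"H" + b"\x00" * 4),
    (2.0, "10.0.0.5", "203.0.113.9", b"z"),
    (2.5, "203.0.113.9", "10.0.0.5", b"O" + b"\x7fELF"),
    (3.0, "10.0.0.7", "198.51.100.2", b"i"),
    (20.0, "198.51.100.2", "10.0.0.7", b"I"),               # too late to be the reply
]


def find_p2p_conversations(datagrams):
    """Pair HNS-style requests with their replies.

    Returns {frozenset({host_a, host_b}): set of matched request opcodes} for
    every host pair that reached MIN_DISTINCT_OPCODES matched exchanges."""
    pending = {}                 # (requester, responder, expected_reply) -> ts
    matched = defaultdict(set)
    for ts, src, dst, payload in sorted(datagrams, key=lambda d: d[0]):
        if not payload:
            continue
        op = payload[:1]
        # A reply travels from responder back to requester, so the outstanding
        # request is keyed with the endpoints the other way round.
        key = (dst, src, op)
        if key in pending:
            sent_at = pending.pop(key)
            if ts - sent_at <= RESPONSE_WINDOW:
                matched[frozenset((src, dst))].add(HNS_RESPONSES[op])
                continue
        # Otherwise, if this looks like a request, remember the reply we expect.
        if op in HNS_PAIRS:
            pending[(src, dst, HNS_PAIRS[op])] = ts
    return {pair: ops for pair, ops in matched.items()
            if len(ops) >= MIN_DISTINCT_OPCODES}


if __name__ == "__main__":
    for pair, ops in find_p2p_conversations(SAMPLE_TRAFFIC).items():
        print(sorted(pair), sorted(ops))
```

On the constructed traffic only the 10.0.0.5 / 203.0.113.9 pair is reported, with the ‘i’, ‘h’ and ‘z’ exchanges matched; the benign "hello"/"HTTP" pair produces one coincidental match and stays below the threshold, and the late ‘I’ is discarded by the reply window. One-byte opcodes are weak evidence on their own, so in practice this would be one feature beside port, payload length and peer churn rather than a standalone alert.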
20. #RSAC
Hide and Seek
Fig 1: HNS adds firewall rule to allow traffic on UDP port for P2P
Fig 2: Scanning for next victims
Fig 3: P2P communication traffic captured, retrieving ELF files
Fig 4: List of supported run time commands
21. #RSAC
Hide and Seek
1) Seed the Swarm (Autosploit)
2) Target is identified by swarm
3) Target is swarmed, penetrated
4) File information leaked through swarm (IP, etc)
'e' + IP:PORT
's' + path
‘m<data>’ ↔ ‘Y<data>’
22. #RSAC
ORDER: HIVE NETWORKS (HIVENETS)
All Your Bots are Belong To Us
Building a Cohesive Security Fabric
23. #RSAC
Hive – Group Survival Using the Individual
Elephants, Meerkats, and even humans acting as a corporation
Decentralized, multicomponent mind
Displayed by social insects and some animals
Individual is the lowest cell unit
Quickly dies if individual becomes separated
Many animals display forms of this behavior…
24. #RSAC
Hive – Group Survival Using the Individual
Bees: individual = simplistic
• As a group the intelligence rises
• Individuals responsible for jobs
• Complex communication and rituals
• Sub-groups have specific roles such as food gathering, digging, feeding pupae, cleaning
• All will act in defense against attack
Example – complex sub-group communications
Circular = nearby food; Tail wag = far away food
25. #RSAC
Is Cloud a Hive?
Cloud
• More of an extension of the hive
• As a component it is often like a sub-group
• Serves a function to infrastructure, resources
• Connects worker nodes and extends functionality
• Example: cloud-based security solutions such as sandbox, web content filtering, others
Hive
• Decentralized, multicomponent
• Group is intertwined through individuals
• Individual is the lowest cell unit
• Unable to act sufficiently as a stand-alone
Quickly
28. #RSAC
Cyber Threat Alliance
Integration of CTA Intelligence into Multiple Vendors (Swarm)
FOUNDING MEMBERS / AFFILIATE & CONTRIBUTING MEMBERS
“The best way to combat the negative impact of cybercriminals and best protect our customers is through cooperation and partnership based on actionable intelligence from diverse sources.”
Ken Xie, founder, chairman of the board and CEO, Fortinet
29. #RSAC
Advanced Solutions for Swarm
ex·pert sys·tem
noun
COMPUTING
a piece of software programmed using artificial intelligence techniques. Such systems use databases of expert knowledge to offer advice or make decisions in such areas as medical diagnosis and trading on the stock exchange.
30. #RSAC
Advanced Solutions for Swarm: AI Anti-Malware
INPUT: RAW SAMPLES → FEATURES (Quantity, Quality) → OUTPUT: MALICIOUS / CLEAN
Feature Set Improvements
§ Quality
§ Stabilized Number
§ Weighting Confidence
Continued Accuracy to a High Degree of Confidence
31. #RSAC
YESTERDAY’S PRIMARY STRATEGY: STATIC BOUNDARY SECURITY
SWARM STRATEGY: AGILE MACRO AND MICRO SEGMENTATION
IoT, Mobile, Windows, Mac
Visibility, Control, Consistency
100G, 5G, Private, Campus, Core, WAN, Access, Public
33. #RSAC
Accelerated Attack Chain Defense: Hive Defense in Kill Chain
Kill chain stages: Recon → Delivery → Exploit → C & C → Internal Recon → Maintain
Defensive actions: Protect, Detect, Disrupt, Degrade, Deceive, Contain
Risk: LOW → HIGH
NG Firewall (AV, IPS, WF, Botnet)
Mail Security
Advanced Threat Protection Framework (Sandbox Technology working with FW, Endpoints, Mail, WAF)
Database Monitoring and Multi-Authentication
Internal Segmentation Firewalls – Architecture
34. #RSAC
Following Through
§ Next week you should:
§ Think about your hive – where is it located (distributed, centralized, etc)
§ In the first three months following this presentation you should:
§ Identify critical assets, resources within your hive
§ Within six months you should:
§ Create an orchestrated security model that is your hive defense
§ Integration of security devices vs. kill chain
§ Consider AI solutions vs. zero day code
§ Shared, actionable intelligence between security solutions
§ Think about how to repurpose human admins (SOC/NOC) with such solutions