SlideShare a Scribd company logo

SecOps - IR and Forensic Workflows - Python (Security Automation)

Santhosh Baswa
Santhosh Baswa

The talk is about the SecOps - Incident Response and Forensics Workflows, Where we are using python for automation stuff. - SOAR Use Cases (5) - API Integrations - DEMOS - Email Beaconing (Advanced setup) - Public Interaction

Technology
1 of 17
Download to read offline
- Santhosh Baswa SecOps -Automation !1 Workflows & Python IR & Forensics
• SecOps - New Starter • CTF player *Occasionally* • Offensive + Defensive Guy Who Am I !2
“What is SecOps : Where | What | How to Automate ???” !3 *** Share Your Thoughts***
What is SOAR ? (Security Orchestration Automation Response) !4 ***Any IDEA***
SecOps Teams | Automation | Use-Cases !5 - SIEM Alert
 - Phishing Triage
 - Threat Hunting
 - Insider Threat
 - Endpoint Protection
 - Forensic Investigation
SIEM Alert | Threat Hunting | Forensic Investigation !6
!7 Where do we Automate ? • What about Endpoint Agent installation ? • Configuration management (Sysmon/osquery) • SIEM Alert Integration *Python API* / *REST API* • Threat Intel Integration *Corporate/Open Source* • Query Active Directory (Python: ldap3/pyad) • EDR REST API Integration (Get Forensic Snapshots)
!8 Threat Intel : API Integrations • pip install virustotal-api-v2 • X-Force REST API
!9 Active Directory : LDAP Integration
Phishing Triage | Endpoint Investigation !10
!11 Where do we Automate ? • Email -> Extract -> JSON output (Dirty Python Script) • HTML Email Template Generation (Python) • JIRA/ServiceNow - Python API Integration • EDR API Integration : REST API • SandBox Submission: (Cuckoo/VMRay/Falcon/SNDBOX etc.) • Threat Intel - API Integration : VT/IBM-X Force/Open Source • Office 365 Email API Integration
!12 Weird Automation Demos: ** Demo Time **
!13 O365 Management : API Integrations
Data Exfiltration !14
!15 Exfiltration - Detection • Curious about MTA Agents ? • Is Ingress/Outgress Email Traffic monitor in Firewall ? • What about free mail providers/disposable email providers ? • Track how many partners/clients are using free email services ? • Gist: https://gist.github.com/P3t3rp4rk3r/bc707cebaeb306aba3e8e9a9597aa658
!16 Email Beaconing - (Next Level) - Python • What is Beaconing ? pip install python-guerrillamail
“ !17 — P3t3rp4rk3r Any Questions ???

Recommended

Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - IntroductionSanthosh Baswa
 
Zero_to_Hero_in_Cyber_Security
Zero_to_Hero_in_Cyber_SecurityZero_to_Hero_in_Cyber_Security
Zero_to_Hero_in_Cyber_SecuritySanthosh Baswa
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod securityRomansh Yadav
 
Mod security
Mod securityMod security
Mod securityShruthi Kamath
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Riyaz Walikar
 
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...Magno Logan
 
Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using MeterpreterShubham Mittal
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 

Recommended

Security Automation - Python - Introduction
Security Automation - Python - IntroductionSecurity Automation - Python - Introduction
Security Automation - Python - IntroductionSanthosh Baswa
 
Zero_to_Hero_in_Cyber_Security
Zero_to_Hero_in_Cyber_SecurityZero_to_Hero_in_Cyber_Security
Zero_to_Hero_in_Cyber_SecuritySanthosh Baswa
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod securityRomansh Yadav
 
Mod security
Mod securityMod security
Mod securityShruthi Kamath
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Riyaz Walikar
 
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...Magno Logan
 
Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using MeterpreterShubham Mittal
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?Herman Duarte
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAnant Shrivastava
 
Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiÖmer Çıtak
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attackssecurityxploded
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAnant Shrivastava
 
OSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareOSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareAmit Serper
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security HeadersOWASP
 
[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private token[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private tokenOWASP
 
[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applicationsOWASP
 
Powershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüPowershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüHalil Dalabasmaz
 
Puppet Camp Chicago 2014: Keynote
Puppet Camp Chicago 2014: KeynotePuppet Camp Chicago 2014: Keynote
Puppet Camp Chicago 2014: KeynotePuppet
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free SoftwareXavier Mertens
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web CodingXavier Mertens
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security HardeningIda Bagus Budanthara
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
Bsides
BsidesBsides
BsidesRoberto Sponchioni
 
Python for pentesters
Python for pentestersPython for pentesters
Python for pentestersRashid feroz
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONLyon Yang
 
Threat stack aws
Threat stack awsThreat stack aws
Threat stack awsJen Andre
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsAhmed Habib
 

More Related Content

What's hot

Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAnant Shrivastava
 
Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiÖmer Çıtak
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAnant Shrivastava
 
OSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareOSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareAmit Serper
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security HeadersOWASP
 
[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private token[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private tokenOWASP
 
[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applicationsOWASP
 
Powershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüPowershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüHalil Dalabasmaz
 
Puppet Camp Chicago 2014: Keynote
Puppet Camp Chicago 2014: KeynotePuppet Camp Chicago 2014: Keynote
Puppet Camp Chicago 2014: KeynotePuppet
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free SoftwareXavier Mertens
 

What's hot (15)

Is My App Secure ?
Is My App Secure ? Is My App Secure ?
Is My App Secure ?
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) Professionals
 
Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının Hacklenmesi
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attacks
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal Presentation
 
OSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareOSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adware
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers
 
[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private token[OWASP Poland Day] Saving private token
[OWASP Poland Day] Saving private token
 
[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications
 
Powershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüPowershell'in Karanlık Yüzü
Powershell'in Karanlık Yüzü
 
Puppet Camp Chicago 2014: Keynote
Puppet Camp Chicago 2014: KeynotePuppet Camp Chicago 2014: Keynote
Puppet Camp Chicago 2014: Keynote
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free Software
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web Coding
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security Hardening
 

Similar to SecOps - IR and Forensic Workflows - Python (Security Automation)

Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
Python for pentesters
Python for pentestersPython for pentesters
Python for pentestersRashid feroz
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONLyon Yang
 
Threat stack aws
Threat stack awsThreat stack aws
Threat stack awsJen Andre
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsAhmed Habib
 
we45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Pythonwe45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with PythonAbhay Bhargav
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdfBeratAkit
 
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers SoftwareDevOps Chicago
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within AgileNetlight Consulting
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web HackerHeadLightSecurity
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTAshley Deuble
 

Similar to SecOps - IR and Forensic Workflows - Python (Security Automation) (20)

Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active Defense
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 
Bsides
BsidesBsides
Bsides
 
Python for pentesters
Python for pentestersPython for pentesters
Python for pentesters
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCON
 
Threat stack aws
Threat stack awsThreat stack aws
Threat stack aws
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ips
 
soctool.pdf
soctool.pdfsoctool.pdf
soctool.pdf
 
we45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Pythonwe45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Python
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSS
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdf
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
 
20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within Agile
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERT
 

Recently uploaded

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

SecOps - IR and Forensic Workflows - Python (Security Automation)

  • 1. - Santhosh Baswa SecOps -Automation !1 Workflows & Python IR & Forensics
  • 2. • SecOps - New Starter • CTF player *Occasionally* • Offensive + Defensive Guy Who Am I !2
  • 3. “What is SecOps : Where | What | How to Automate ???” !3 *** Share Your Thoughts***
  • 4. What is SOAR ? (Security Orchestration Automation Response) !4 ***Any IDEA***
  • 5. SecOps Teams | Automation | Use-Cases !5 - SIEM Alert
 - Phishing Triage
 - Threat Hunting
 - Insider Threat
 - Endpoint Protection
 - Forensic Investigation
  • 6. SIEM Alert | Threat Hunting | Forensic Investigation !6
  • 7. !7 Where do we Automate ? • What about Endpoint Agent installation ? • Configuration management (Sysmon/osquery) • SIEM Alert Integration *Python API* / *REST API* • Threat Intel Integration *Corporate/Open Source* • Query Active Directory (Python: ldap3/pyad) • EDR REST API Integration (Get Forensic Snapshots)
  • 8. !8 Threat Intel : API Integrations • pip install virustotal-api-v2 • X-Force REST API
  • 9. !9 Active Directory : LDAP Integration
  • 10. Phishing Triage | Endpoint Investigation !10
  • 11. !11 Where do we Automate ? • Email -> Extract -> JSON output (Dirty Python Script) • HTML Email Template Generation (Python) • JIRA/ServiceNow - Python API Integration • EDR API Integration : REST API • SandBox Submission: (Cuckoo/VMRay/Falcon/SNDBOX etc.) • Threat Intel - API Integration : VT/IBM-X Force/Open Source • Office 365 Email API Integration
  • 13. !13 O365 Management : API Integrations
  • 15. !15 Exfiltration - Detection • Curious about MTA Agents ? • Is Ingress/Outgress Email Traffic monitor in Firewall ? • What about free mail providers/disposable email providers ? • Track how many partners/clients are using free email services ? • Gist: https://gist.github.com/P3t3rp4rk3r/bc707cebaeb306aba3e8e9a9597aa658
  • 16. !16 Email Beaconing - (Next Level) - Python • What is Beaconing ? pip install python-guerrillamail