1. Company Proprietary and Confidential. The document name can go here
Features of sniffing attacks and how to protect ourselves from them
Varna 2014
Prepared by:
Yoanna Georgieva (Йоанна Георгиева)
Faculty number: 11577
2.
Introduction to the topic
• The internet threatens our security
• A cyber attack is a crime
• We can become the victims of various kinds of attacks
3.
The main goal is to study, systematize and present the features of sniffing attacks.
To achieve it, the following tasks were carried out:
• Clarify the nature, purpose and types of sniffing attacks
• Study and analyze some of the available tools with which they are carried out
• Present protective measures against such attacks
4.
Nature of sniffing attacks
• A sniffer is a program or device that captures, from the network traffic, information specific to the network in question
5.
Nature of sniffing attacks
• The purpose of all this is to steal something: passwords, e-mails, files sent over the network, and so on
• A software package (the sniffer) that performs the "eavesdropping" on the information is required
6.
Ways of carrying out sniffing threats
7.
Layers at which an attack can be carried out
8.
Types of sniffing attacks
• Passive: carried out on a hub, which repeats every frame to every port, so the sniffer only has to listen. Very hard to detect on the network. No longer used in practice now that hubs have been replaced by switches.
• Active: the "eavesdropping" is carried out on a switch, which only forwards a frame to the port that owns its destination MAC. Easier to detect. Relies on "injecting" ARP packets into the network that redirect other hosts' traffic through the attacker.
9.
Additional techniques for carrying out an active sniffing attack
o ARP spoofing
• ARP is used to resolve the IP addresses on an interface to physical (MAC) addresses
• ARP packets can be forged ("fixed up") so that other hosts' data is sent to the attacker's computer
• ARP "poisoning" is used so that the attacker can insert himself into the network traffic between two machines on the network that are exchanging information
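The poisoning described on this slide leaves traces in the ARP frames themselves, so it can be detected from them. The following is an added example, not code from the presentation: a small detector that parses raw Ethernet/ARP frames, learns which MAC answers for which IP, and flags the three symptoms an attacker leaves behind (a reply nobody asked for, a gateway whose MAC suddenly changes, and one MAC claiming both the gateway's and the victim's address). All MACs, IPs and frames are constructed sample data on a hypothetical 192.168.1.0/24 network; on a real network you would feed it frames from a raw socket or a mirror port on the host you are defending.

```python
"""ARP-poisoning detector over raw Ethernet/ARP frames.

Added example for this slide, not code from the presentation. Every MAC, IP
and frame below is constructed sample data (hypothetical 192.168.1.0/24 hosts).
"""
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_mac, target_ip),
    or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[22:28]), _ip(frame[28:32]), _mac(frame[32:38]), _ip(frame[38:42])


def build_arp(op, sha, spa, tha, tpa, dst_mac=None) -> bytes:
    """Assemble an Ethernet/ARP frame; used here only to construct the sample traffic."""
    sha_b = bytes.fromhex(sha.replace(":", ""))
    tha_b = bytes.fromhex(tha.replace(":", ""))
    dst_b = bytes.fromhex((dst_mac or tha).replace(":", ""))
    eth = dst_b + sha_b + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += sha_b + bytes(int(o) for o in spa.split("."))
    arp += tha_b + bytes(int(o) for o in tpa.split("."))
    return eth + arp


class ArpWatch:
    """Learns IP->MAC bindings from ARP replies and flags three poisoning symptoms:
    a reply nobody asked for, an IP whose MAC changes, and one MAC claiming several
    IPs (the attacker answering for both the gateway and the victim)."""

    def __init__(self):
        self.bindings = {}               # ip -> first MAC seen claiming it
        self.claims = defaultdict(set)   # mac -> IPs it has claimed
        self.pending = set()             # (asker_ip, asked_ip) requests awaiting a reply
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, sha, spa, tha, tpa = parsed
        if op == ARP_REQUEST:
            self.pending.add((spa, tpa))
            return
        if op != ARP_REPLY:
            return
        # A legitimate reply answers a request in which tpa asked for spa.
        if (tpa, spa) in self.pending:
            self.pending.discard((tpa, spa))
        else:
            self.alerts.append(f"unsolicited reply: {spa} is-at {sha}, sent to {tpa}")
        known = self.bindings.setdefault(spa, sha)
        if known != sha:
            self.alerts.append(f"binding change: {spa} was {known}, now claimed by {sha}")
        self.claims[sha].add(spa)
        if len(self.claims[sha]) == 2:   # report once, when the second IP appears
            self.alerts.append(f"one MAC claims several IPs: {sha} -> {sorted(self.claims[sha])}")


def detect(frames) -> list:
    """Run every frame through one ArpWatch and return the alerts it raised."""
    watch = ArpWatch()
    for frame in frames:
        watch.observe(frame)
    return watch.alerts


def sample_frames() -> list:
    """Constructed scenario: the gateway answers the victim, then an attacker poisons both."""
    gw_ip, gw_mac = "192.168.1.1", "aa:aa:aa:aa:aa:01"
    victim_ip, victim_mac = "192.168.1.10", "11:11:11:11:11:10"
    attacker_mac, zero = "ee:ee:ee:ee:ee:66", "00:00:00:00:00:00"
    return [
        build_arp(ARP_REQUEST, victim_mac, victim_ip, zero, gw_ip, dst_mac=BROADCAST),  # who-has gateway?
        build_arp(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip),                     # genuine answer
        build_arp(ARP_REPLY, attacker_mac, gw_ip, victim_mac, victim_ip),               # "gateway is-at attacker"
        build_arp(ARP_REPLY, attacker_mac, victim_ip, gw_mac, gw_ip),                   # "victim is-at attacker"
    ]


if __name__ == "__main__":
    for alert in detect(sample_frames()):
        print(alert)
```

Run as a script it prints four alerts for the constructed scenario: both forged replies are unsolicited, the gateway's binding changes from the real MAC to the attacker's, and the attacker's MAC ends up claiming two addresses. Because bindings are learned from the first reply seen, the watcher has to be running before the attack starts or be seeded from a known-good table; that is the same gap the static ARP table recommended later in the deck closes by hand.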
11.
DHCP attacks
• Are easy to carry out
• Work by broadcasting DHCP requests with forged MAC addresses
• Once the server's address pool is exhausted, the attacker sets up a fake DHCP server on his own system, which answers the new DHCP requests from the network's clients (and can hand them a gateway or DNS server under his control, which is how this becomes a sniffing position)
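Both halves of the attack described above are visible in the DHCP traffic. The following is an added example (not code from the presentation) of the defender's view: a parser for the BOOTP/DHCP payload plus a watcher that alerts on a burst of DISCOVER messages from many distinct client MACs inside one time window (the starvation phase) and on any OFFER or ACK whose server identifier (option 54) is not on an operator-supplied allowlist (the rogue server). The packets and timeline are constructed sample data on a hypothetical 192.168.1.0/24 network; the allowlist, the five-client threshold and the ten-second window are assumptions to be tuned to the network being watched.

```python
"""Detector for DHCP starvation followed by a rogue DHCP server (added example,
not code from the presentation). Packets and timestamps are constructed sample
data (hypothetical MACs, 192.168.1.0/24); the server allowlist is an assumption."""
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                       # DHCP magic cookie after the BOOTP header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255


def build_dhcp(msg_type, client_mac, xid, yiaddr="0.0.0.0", server_id=None) -> bytes:
    """Assemble a BOOTP/DHCP payload (the UDP body); used here only for sample traffic."""
    op = 2 if msg_type in (OFFER, ACK) else 1                       # BOOTREQUEST / BOOTREPLY
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)           # op, htype, hlen, hops, xid, secs, flags
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)            # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex(client_mac.replace(":", "")) + bytes(10)    # chaddr, padded to 16 bytes
    hdr += bytes(64) + bytes(128)                                    # sname, file
    opts = MAGIC + bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return hdr + opts + bytes([OPT_END])


def parse_dhcp(payload: bytes):
    """Return the fields the detector needs, or None if this is not a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    chaddr = ":".join(f"{x:02x}" for x in payload[28:28 + payload[2]])   # payload[2] is hlen
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    server_id = socket.inet_ntoa(opts[OPT_SERVER_ID]) if len(opts.get(OPT_SERVER_ID, b"")) == 4 else None
    msg_type = opts[OPT_MSG_TYPE][0] if opts.get(OPT_MSG_TYPE) else None
    return {"chaddr": chaddr, "yiaddr": socket.inet_ntoa(payload[16:20]),
            "msg_type": msg_type, "server_id": server_id}


class DhcpWatch:
    """Flags starvation (many distinct client MACs sending DISCOVER inside one time window)
    and any OFFER/ACK whose server identifier (option 54) is not on the allowlist."""

    def __init__(self, legit_servers, threshold=5, window_s=10.0):
        self.legit = set(legit_servers)
        self.threshold, self.window = threshold, window_s
        self.discovers = []          # (timestamp, client MAC) inside the current window
        self.starving = False        # so a burst is reported once, not once per packet
        self.alerts = []

    def observe(self, ts: float, payload: bytes) -> None:
        p = parse_dhcp(payload)
        if p is None:
            return
        if p["msg_type"] == DISCOVER:
            self.discovers = [(t, m) for t, m in self.discovers if ts - t <= self.window]
            self.discovers.append((ts, p["chaddr"]))
            distinct = {m for _, m in self.discovers}
            if len(distinct) >= self.threshold and not self.starving:
                self.starving = True
                self.alerts.append(f"starvation: {len(distinct)} distinct clients sent DISCOVER within {self.window:g}s")
            elif len(distinct) < self.threshold:
                self.starving = False
        elif p["msg_type"] in (OFFER, ACK) and p["server_id"] not in self.legit:
            kind = "OFFER" if p["msg_type"] == OFFER else "ACK"
            self.alerts.append(f"rogue server: {kind} of {p['yiaddr']} from {p['server_id']} to {p['chaddr']}")


def detect(events, legit_servers=("192.168.1.1",)) -> list:
    """events: iterable of (timestamp_seconds, dhcp_payload). Returns the alerts raised."""
    watch = DhcpWatch(legit_servers)
    for ts, payload in events:
        watch.observe(ts, payload)
    return watch.alerts


def sample_events() -> list:
    """Constructed timeline: one normal lease, then a burst of forged DISCOVERs and a rogue OFFER."""
    events = [
        (0.0, build_dhcp(DISCOVER, "11:11:11:11:11:10", 0x1001)),
        (0.1, build_dhcp(OFFER, "11:11:11:11:11:10", 0x1001, "192.168.1.10", "192.168.1.1")),
    ]
    for n in range(6):   # attacker cycles through forged client MACs a minute later
        events.append((60.0 + n * 0.2, build_dhcp(DISCOVER, f"ee:ee:ee:ee:ee:{n:02x}", 0x2000 + n)))
    events.append((62.0, build_dhcp(OFFER, "22:22:22:22:22:20", 0x3001, "192.168.1.50", "192.168.1.66")))
    return events
```

For the constructed timeline the watcher raises exactly two alerts: one starvation alert when the fifth distinct forged client appears within the window, and one rogue-server alert for the OFFER carrying a server identifier of 192.168.1.66. The earlier OFFER from 192.168.1.1 passes because it is on the allowlist, which is also the catch: the allowlist must be kept in step with the real DHCP infrastructure, including relays, or legitimate servers start showing up as rogue.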
12.
Tools for carrying out sniffing attacks
• MSN Sniffer: commercial; captures MSN chat on the network and records the conversations automatically
• NetSetMan: commercial, with a free version; lets you create 6 profiles, each holding a complete network configuration, and change your position in the network by hand
• SMAC: commercial, with a free version; changes the MAC address, for Windows 2000/XP/Vista
(NetSetMan and SMAC are not sniffers themselves; they are used to re-address the attacking host, for example when spoofing.)
13.
Tools for carrying out sniffing attacks
• Ace Password Sniffer: free program that captures passwords sent over FTP, POP3, HTTP, SMTP, Telnet and other protocols
• NetWitness: free program for reconstructing sessions; supports auditing and monitoring of all traffic on the network, and SSL decryption (given the server's private key)
• Cain and Abel: free program for recovering all sorts of passwords; records VoIP calls and decodes the "sniffed" passwords
14.
What measures should we take to be protected?
• Restrict physical access to the network
• Use encryption
• Use static IP addresses and a static ARP table (static entries are not overwritten by forged replies, at the cost of maintaining them by hand)
• Only authorized users should be able to work on the network
• Use IPv6 instead of IPv4 (note that IPv6 replaces ARP with Neighbor Discovery, which can be spoofed in the same way; the real protection comes from encrypting the traffic, not from the address family)
• Use encrypted sessions such as SSH, SCP and SSL
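The password sniffers listed on slide 13 work because the protocols named there send credentials in clear text, which is exactly what the "use encryption" and "use encrypted sessions" advice on this slide addresses. The following added example (not code from the presentation or from any of the tools it lists) performs the same extraction as a defender's audit, so that services still accepting plaintext logins can be found and moved behind TLS. It handles FTP and POP3 USER/PASS, HTTP Basic and SMTP AUTH PLAIN (Telnet, which sends keystrokes one at a time, and the two-step AUTH LOGIN are left out). The flows, hosts and credentials are constructed sample data, classifying a flow by its IANA default port is an assumption, and the last flow is a TLS record included to show that the same traffic encrypted yields nothing.

```python
"""Audit for credentials crossing the wire in clear text (added example, not code
from the presentation or from the tools it lists). Payloads, hosts, usernames and
passwords are constructed sample data; port-based protocol classification is an assumption."""
import base64
import re

PLAINTEXT_PORTS = {21: "FTP", 110: "POP3", 25: "SMTP", 587: "SMTP", 80: "HTTP"}


def _user_pass_commands(text: str):
    """FTP and POP3 send 'USER x' and then 'PASS y' as two separate command lines."""
    user = re.search(r"^USER\s+(\S+)", text, re.M | re.I)
    pw = re.search(r"^PASS\s+(\S+)", text, re.M | re.I)
    if user and pw:
        yield user.group(1), pw.group(1)


def _http_basic(text: str):
    """HTTP Basic is base64('user:password') in the Authorization header."""
    for m in re.finditer(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", text, re.M | re.I):
        try:
            user, sep, pw = base64.b64decode(m.group(1)).decode("utf-8", "replace").partition(":")
        except ValueError:           # binascii.Error is a ValueError: bad padding etc.
            continue
        if sep:
            yield user, pw


def _smtp_auth_plain(text: str):
    """AUTH PLAIN carries base64(authzid NUL authcid NUL password) in one token.
    AUTH LOGIN (username and password on two later base64 lines) is not handled here."""
    for m in re.finditer(r"^AUTH\s+PLAIN\s+([A-Za-z0-9+/=]+)", text, re.M | re.I):
        try:
            parts = base64.b64decode(m.group(1)).decode("utf-8", "replace").split("\0")
        except ValueError:
            continue
        if len(parts) == 3:
            yield parts[1], parts[2]


EXTRACTORS = {"FTP": _user_pass_commands, "POP3": _user_pass_commands,
              "HTTP": _http_basic, "SMTP": _smtp_auth_plain}


def extract_credentials(flows) -> list:
    """flows: iterable of (client_ip, server_ip, server_port, client_to_server_payload).
    Returns one finding per credential seen in clear text; encrypted flows yield nothing."""
    findings = []
    for client, server, port, payload in flows:
        proto = PLAINTEXT_PORTS.get(port)
        if proto is None:
            continue
        text = payload.decode("latin-1")     # never raises; these protocols are ASCII on the wire
        for user, pw in EXTRACTORS[proto](text):
            findings.append({"proto": proto, "server": f"{server}:{port}", "client": client,
                             "user": user, "password": pw})
    return findings


def sample_flows() -> list:
    """Constructed flows: four clear-text logins plus one TLS flow the audit cannot read."""
    def b64(s: str) -> str:
        return base64.b64encode(s.encode()).decode()

    http_token = b64("carol:pass123")
    smtp_token = b64("\0dave\0letmein")
    tls_hello = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(32)   # record header + ClientHello start
    return [
        ("192.168.1.10", "192.168.1.20", 21, b"USER alice\r\nPASS s3cret\r\n"),
        ("192.168.1.11", "192.168.1.21", 110, b"USER bob\r\nPASS hunter2\r\nSTAT\r\n"),
        ("192.168.1.12", "192.168.1.22", 80,
         f"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic {http_token}\r\n\r\n".encode()),
        ("192.168.1.13", "192.168.1.23", 587, f"EHLO laptop\r\nAUTH PLAIN {smtp_token}\r\n".encode()),
        ("192.168.1.14", "192.168.1.24", 443, tls_hello),
    ]


if __name__ == "__main__":
    for f in extract_credentials(sample_flows()):
        print(f"{f['proto']:5} {f['client']} -> {f['server']}  user={f['user']}")
```

The point of running this on your own network is the list of servers it produces, not the passwords: every hit is a service that still accepts a login over a protocol a hub or a poisoned switch will hand to anyone, and the fix is the one the slide gives (SSH/SCP instead of FTP and Telnet, TLS-wrapped POP3/SMTP, HTTPS instead of Basic auth over HTTP). Note that base64 in HTTP Basic and AUTH PLAIN is encoding, not encryption; the example decodes it in one line.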
15.
What measures should we take to be protected?
• Use PGP and S/MIME, VPN, IPSec, TLS and OTP
• Use HTTPS for protection
• Do not use services over unsecured networks
• Take into account the network device that will be used
• Be careful when sharing folders and services over the network
16.
Tools for monitoring the network's status
• SniffJoke: Linux application; injects packets that hamper passive sniffing attacks
• Kitty-Litter: intended to protect against data leaks from websites and online banking; prevents password capture and traffic monitoring
• ACiD: network monitoring; detects the IP anomalies produced by active sniffing attacks, for Windows NT/2000/XP
17.
Microsoft Network Monitor 3.4
• Free program
• A tool for viewing the contents of the network packets being sent and received, in real time or from previously saved captures
• Supports complex analysis of network data through its filtering capabilities
18.
Microsoft Network Monitor 3.4
21.
Tools for monitoring the network's status
22.
Conclusion
• Sniffing attacks are not as harmless as they look
• Through them, important information about a particular user can be extracted
• Research and investigation into problems connected with cyber attacks continue to this day
• Security is one of the most important factors in every person's life
24.
Thank you for your attention!
25.
Features of sniffing attacks and how to protect ourselves from them
Varna 2014
Prepared by:
Yoanna Georgieva (Йоанна Георгиева)
Faculty number: 11577