SlideShare a Scribd company logo

Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm

Download as PPTX, PDF
Security Bootcamp
Security Bootcamp

The document discusses various techniques for web application security and traffic analysis using ModSecurity, including real-time application profiling, hacker traps, anomaly scoring, correlation of inbound and outbound events, detecting malicious links, unicode normalization, abnormal header ordering, detecting page title changes, device fingerprinting, and slowing down automated attacks. It also mentions using ELK (Elasticsearch, Logstash, Kibana) for real-time analysis of streaming log data.

1 of 47
MODSECURITY ELK If we do not wish to fight we can prevent! {
ModSecurity Security Bootcamp 2014 2
*log Security Bootcamp 2014 3
ELK Security Bootcamp 2014 4
ModSecurity Ryan C. Barnett ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections. Blackhat Arsenal 2014 Security Bootcamp 2014 5
Surviving D-Day Omaha Beach 1944 Security Bootcamp 2014 6
Surviving D-Day Omaha Beach 1944  Fake tank  Fake aircraft  Fake Napoli (Egypt)  Fake …… Security Bootcamp 2014 7
HoneyTraps with ModSecurity http://map.honeycloud.net/ Security Bootcamp 2014 8
1.Real-time Application Profiling Security Bootcamp 2014 9
Real-time Application Profiling  Request method(s)  Number of parameters (minimum/maximum range)  Parameter names  Parameter lengths (minimum/maximum range)  Parameter types  Flag (such as /path/to/foo.php?param)  Digits (such as /path/to/foo.php?param=1234)  Alpha (such as /path/to/foo.php?param=abcd)  Alphanumeric (such as /path/to/foo.php?param=abcd1234)  E-mail (such as /path/to/foo.php?param=foo@bar.com)  Path (such as /path/to/foo.php?param=/dir/somefile.txt)  URL (such as /path/to/foo.php?param=http://somehost/dir/file.txt)  SafeText (such as /path/to/foo.php?param=some_data-12) Security Bootcamp 2014 10
Real-time Application Profiling Security Bootcamp 2014 11
Post-Process Profiling Security Bootcamp 2014 12
4 scenarios  If the HTTP response code is 404, the resource doesn’t exist. In this case, not only do we skip the profiling, but we also remove the resource key, so we delete the persistent storage. This is achieved by using the setvar:!resource.KEY action.  If the HTTP response code is either level 4xx or level 5xx, the application says something is wrong with the transaction, so we won’t profile it in this case either.  The OWASP ModSecurity Core Rule Set (CRS) can use anomaly scoring. We can check this transactional anomaly score. If it is anything other than 0, we should skip profiling.  Finally, we have already seen enough traffic for our profiling model and are currently in enforcement mode, so we skip profiling. Security Bootcamp 2014 13
2. Hacker Traps Security Bootcamp 2014 14
Hacker Traps  Unused Web Ports  Fake robots.txt Disallow Entries  Fake HTML comments  Fake hidden form fields  Fake cookies Security Bootcamp 2014 15
Hacker Traps Unused Web Ports Security Bootcamp 2014 16
Hacker Traps Fake robots.txt Disallow Entries Security Bootcamp 2014 17
Hacker Traps Fake HTML comments Security Bootcamp 2014 18
Hacker Traps Fake HTML comments Security Bootcamp 2014 19
Hacker Traps Fake hidden form fields Security Bootcamp 2014 20
Hacker Traps Fake cookies Security Bootcamp 2014 21
Hacker Traps Fake cookies Security Bootcamp 2014 22
3a. Self-Contained vs. Collaborative Detection Security Bootcamp 2014 23
Self-Contained vs. Collaborative Detection Self-Contained Collaborative Security Bootcamp 2014 24
Anomaly Scoring Threshold Levels Security Bootcamp 2014 25
3b. Inbound/Outbound Correlation Security Bootcamp 2014 26
Correlation  Did an inbound attack occur?  Did an HTTP response status code error (4xx/5xx level) occur?  Did an application information leakage event occur? Security Bootcamp 2014 27
Correlation If an inbound attack was detected, and either an outbound application status codeerror or information leakage event was detected, the overall event severity is raised to one of the following:  • 0, EMERGENCY, is generated from correlation of anomaly scoring data where an inbound attack and an outbound leakage exist.  • 1, ALERT, is generated from correlation where an inbound attack and an outbound application-level error exist. Security Bootcamp 2014 28
4. Detecting Malicious Links Security Bootcamp 2014 29
Detecting Malicious Links  URI Blacklist RBL6  Google’s Safe Browsing API7  ModSecurity  @rbl operator  @gsbLookup operator  @rsub operator  SecGsbLookupDb directive  SecStreamOutBodyInspection directive  SecContentInjection directive  STREAM_OUTPUT_BODY variable Security Bootcamp 2014 30
5. Normalizing Unicode Security Bootcamp 2014 31
Normalizing Unicode  Best-Fit Mapping  Detecting Use of Full-/Half-Width Unicode Security Bootcamp 2014 32
Best-Fit Mapping %u3008scr%u0131pt%u3009%u212fval(%uFF07al%u212Frt(%22XSS%22)%u02C8)%u23 29/scr%u0131pt%u232A 〈(0x2329) ~= <(0x3c) 〈(0x3008) ~= <(0x3c) <(0xff1c) ~= <(0x3c) ʹ(0x2b9) ~= '(0x27) ʼ(0x2bc) ~= '(0x27) ˈ(0x2c8) ~= '(0x27) ′(0x2032) ~= '(0x27) '(0xff07) ~= '(0x27) Security Bootcamp 2014 33
Unicode Mapping Security Bootcamp 2014 34
Unicode Mapping Security Bootcamp 2014 35
Full-/Half-Width Unicode Security Bootcamp 2014 36
6. Abnormal Header Ordering Security Bootcamp 2014 37
Passive OS fingerprinting Security Bootcamp 2014 38
7. Detecting Page Title Changes Security Bootcamp 2014 39
Detecting Page Title Changes Security Bootcamp 2014 40
8. Web Client Device Fingerprinting Security Bootcamp 2014 41
Web Client Device Fingerprinting Security Bootcamp 2014 42
9. Slowing Down Automated Attack Tools Security Bootcamp 2014 43
Slowing Down Automated Attack Tools Security Bootcamp 2014 44
NSM Logstash Elasticsearch Kibana No code required Real-time analysis of streaming data Highly scalable Open source, community driven Security Bootcamp 2014 45
DEMO Security Bootcamp 2014 46
“ ” Thank you! Question, huh? FPT TELECOM Security Bootcamp 2014 47

Recommended

Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Security Bootcamp
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
Antonio Parata
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practices
Neoito
 
.NET for hackers
.NET for hackers.NET for hackers
.NET for hackers
Antonio Parata
 
Malware Detection With Multiple Features
Malware Detection With Multiple FeaturesMalware Detection With Multiple Features
Malware Detection With Multiple Features
Muhammad Najmi Ahmad Zabidi
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
SecuRing
 
На страже ваших денег и данных
На страже ваших денег и данныхНа страже ваших денег и данных
На страже ваших денег и данных
Positive Hack Days
 

Recommended

Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Security Bootcamp
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
Antonio Parata
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practices
Neoito
 
.NET for hackers
.NET for hackers.NET for hackers
.NET for hackers
Antonio Parata
 
Malware Detection With Multiple Features
Malware Detection With Multiple FeaturesMalware Detection With Multiple Features
Malware Detection With Multiple Features
Muhammad Najmi Ahmad Zabidi
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
SecuRing
 
На страже ваших денег и данных
На страже ваших денег и данныхНа страже ваших денег и данных
На страже ваших денег и данных
Positive Hack Days
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
Pichaya Morimoto
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
Mohmad Feroz
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
Võ Thái Lâm
 
Waf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptWaf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScript
Denis Kolegov
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
OWASP
 
Внедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияВнедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполнения
Positive Hack Days
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
Narudom Roongsiriwong, CISSP
 
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Ivan Piskunov
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
Michael Boman
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
Michael Boman
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox Techniques
Cyphort
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
securityxploded
 
Super1
Super1Super1
Super1neelakanteswarreddy
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware GenerationStephan Chenette
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive Defense
Stephan Chenette
 
Secure Coding in C/C++
Secure Coding in C/C++Secure Coding in C/C++
Secure Coding in C/C++
Dan-Claudiu Dragoș
 
Challenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionChallenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware Detection
Muhammad Najmi Ahmad Zabidi
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Sergey Soldatov
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
Daniel Owens
 
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Security Bootcamp
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustSecurity Bootcamp
 

More Related Content

What's hot

Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
Pichaya Morimoto
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
Mohmad Feroz
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
Võ Thái Lâm
 
Waf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptWaf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScript
Denis Kolegov
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
OWASP
 
Внедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияВнедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполнения
Positive Hack Days
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
Narudom Roongsiriwong, CISSP
 
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Ivan Piskunov
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
Michael Boman
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
Michael Boman
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox Techniques
Cyphort
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
securityxploded
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware GenerationStephan Chenette
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive Defense
Stephan Chenette
 
Secure Coding in C/C++
Secure Coding in C/C++Secure Coding in C/C++
Secure Coding in C/C++
Dan-Claudiu Dragoș
 
Challenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionChallenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware Detection
Muhammad Najmi Ahmad Zabidi
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Sergey Soldatov
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
Daniel Owens
 

What's hot (20)

Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
 
Waf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptWaf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScript
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
 
Внедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияВнедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполнения
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
 
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox Techniques
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
 
Super1
Super1Super1
Super1
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware Generation
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive Defense
 
Secure Coding in C/C++
Secure Coding in C/C++Secure Coding in C/C++
Secure Coding in C/C++
 
Challenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionChallenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware Detection
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
 

Viewers also liked

Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Security Bootcamp
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustSecurity Bootcamp
 
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCNXây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Security Bootcamp
 
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungThu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungSecurity Bootcamp
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
Security Bootcamp
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
Security Bootcamp
 
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Security Bootcamp
 
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình ThắngKhai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Security Bootcamp
 
Phan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERTPhan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERT
Security Bootcamp
 
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàngVõ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Security Bootcamp
 
Thu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageThu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageSecurity Bootcamp
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
Security Bootcamp
 
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nướcĐặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Security Bootcamp
 
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh ĐứcNETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
Security Bootcamp
 
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC InfosecTình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Security Bootcamp
 
Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp
 
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải LongSecurity Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải LongSecurity Bootcamp
 
Lê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with templateLê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with template
Security Bootcamp
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISO
Security Bootcamp
 
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Security Bootcamp
 

Viewers also liked (20)

Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trust
 
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCNXây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
 
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungThu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
 
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
 
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình ThắngKhai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
 
Phan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERTPhan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERT
 
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàngVõ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
 
Thu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageThu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitage
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nướcĐặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
 
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh ĐứcNETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
 
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC InfosecTình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
 
Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)
 
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải LongSecurity Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
 
Lê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with templateLê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with template
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISO
 
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
 

Similar to Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm

Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
securityxploded
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...
Priyanka Aash
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngDmitry Evteev
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
Cysinfo Cyber Security Community
 
Gunadarma workshop security
Gunadarma workshop securityGunadarma workshop security
Gunadarma workshop security
Rungga Reksya Sabilillah
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Chong-Kuan Chen
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
Sylvain Martinez
 
Verification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresVerification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP Cores
IRJET Journal
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
Kevin Hakanson
 
Owasp masvs spain 17
Owasp masvs spain 17Owasp masvs spain 17
Owasp masvs spain 17
Luis A. Solís
 
Jump-Start The MASVS
Jump-Start The MASVSJump-Start The MASVS
Jump-Start The MASVS
Prathan Phongthiproek
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
Stefano Maccaglia
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
ForAllSecure
 
Enterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP ComplianceEnterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP Compliance
Alec Tucker
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applications
Ram G Athreya
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and Analysis
Ian G
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
Felipe Prado
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
Skycure
 

Similar to Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm (20)

Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall Eng
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
 
Gunadarma workshop security
Gunadarma workshop securityGunadarma workshop security
Gunadarma workshop security
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
Verification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresVerification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP Cores
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
 
Owasp masvs spain 17
Owasp masvs spain 17Owasp masvs spain 17
Owasp masvs spain 17
 
Jump-Start The MASVS
Jump-Start The MASVSJump-Start The MASVS
Jump-Start The MASVS
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
 
Enterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP ComplianceEnterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP Compliance
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applications
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and Analysis
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
 
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
 

More from Security Bootcamp

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
Security Bootcamp
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Security Bootcamp
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Security Bootcamp
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
Security Bootcamp
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
Security Bootcamp
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
Security Bootcamp
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
Security Bootcamp
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
Security Bootcamp
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
Security Bootcamp
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
Security Bootcamp
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
Security Bootcamp
 
Build SOC
Build SOC Build SOC
Build SOC
Security Bootcamp
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
Security Bootcamp
 
Securitybox
SecurityboxSecuritybox
Securitybox
Security Bootcamp
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
Security Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
Security Bootcamp
 
Api security-present
Api security-presentApi security-present
Api security-present
Security Bootcamp
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
Security Bootcamp
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
Security Bootcamp
 

More from Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Recently uploaded

Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
OECD Directorate for Financial and Enterprise Affairs
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Sebastiano Panichella
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
Howard Spence
 
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
khadija278284
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
Faculty of Medicine And Health Sciences
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
Sebastiano Panichella
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Orkestra
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
Access Innovations, Inc.
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Matjaž Lipuš
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Sebastiano Panichella
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
Vladimir Samoylov
 
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
OWASP Beja
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
IP ServerOne
 

Recently uploaded (13)

Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
 
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
 
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
 

Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm

  • 1. MODSECURITY ELK If we do not wish to fight we can prevent! {
  • 5. ModSecurity Ryan C. Barnett ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections. Blackhat Arsenal 2014 Security Bootcamp 2014 5
  • 6. Surviving D-Day Omaha Beach 1944 Security Bootcamp 2014 6
  • 7. Surviving D-Day Omaha Beach 1944  Fake tank  Fake aircraft  Fake Napoli (Egypt)  Fake …… Security Bootcamp 2014 7
  • 8. HoneyTraps with ModSecurity http://map.honeycloud.net/ Security Bootcamp 2014 8
  • 9. 1.Real-time Application Profiling Security Bootcamp 2014 9
  • 10. Real-time Application Profiling  Request method(s)  Number of parameters (minimum/maximum range)  Parameter names  Parameter lengths (minimum/maximum range)  Parameter types  Flag (such as /path/to/foo.php?param)  Digits (such as /path/to/foo.php?param=1234)  Alpha (such as /path/to/foo.php?param=abcd)  Alphanumeric (such as /path/to/foo.php?param=abcd1234)  E-mail (such as /path/to/foo.php?param=foo@bar.com)  Path (such as /path/to/foo.php?param=/dir/somefile.txt)  URL (such as /path/to/foo.php?param=http://somehost/dir/file.txt)  SafeText (such as /path/to/foo.php?param=some_data-12) Security Bootcamp 2014 10
  • 11. Real-time Application Profiling Security Bootcamp 2014 11
  • 13. 4 scenarios  If the HTTP response code is 404, the resource doesn’t exist. In this case, not only do we skip the profiling, but we also remove the resource key, so we delete the persistent storage. This is achieved by using the setvar:!resource.KEY action.  If the HTTP response code is either level 4xx or level 5xx, the application says something is wrong with the transaction, so we won’t profile it in this case either.  The OWASP ModSecurity Core Rule Set (CRS) can use anomaly scoring. We can check this transactional anomaly score. If it is anything other than 0, we should skip profiling.  Finally, we have already seen enough traffic for our profiling model and are currently in enforcement mode, so we skip profiling. Security Bootcamp 2014 13
  • 14. 2. Hacker Traps Security Bootcamp 2014 14
  • 15. Hacker Traps  Unused Web Ports  Fake robots.txt Disallow Entries  Fake HTML comments  Fake hidden form fields  Fake cookies Security Bootcamp 2014 15
  • 16. Hacker Traps Unused Web Ports Security Bootcamp 2014 16
  • 17. Hacker Traps Fake robots.txt Disallow Entries Security Bootcamp 2014 17
  • 18. Hacker Traps Fake HTML comments Security Bootcamp 2014 18
  • 19. Hacker Traps Fake HTML comments Security Bootcamp 2014 19
  • 20. Hacker Traps Fake hidden form fields Security Bootcamp 2014 20
  • 21. Hacker Traps Fake cookies Security Bootcamp 2014 21
  • 22. Hacker Traps Fake cookies Security Bootcamp 2014 22
  • 23. 3a. Self-Contained vs. Collaborative Detection Security Bootcamp 2014 23
  • 24. Self-Contained vs. Collaborative Detection Self-Contained Collaborative Security Bootcamp 2014 24
  • 25. Anomaly Scoring Threshold Levels Security Bootcamp 2014 25
  • 26. 3b. Inbound/Outbound Correlation Security Bootcamp 2014 26
  • 27. Correlation  Did an inbound attack occur?  Did an HTTP response status code error (4xx/5xx level) occur?  Did an application information leakage event occur? Security Bootcamp 2014 27
  • 28. Correlation If an inbound attack was detected, and either an outbound application status codeerror or information leakage event was detected, the overall event severity is raised to one of the following:  • 0, EMERGENCY, is generated from correlation of anomaly scoring data where an inbound attack and an outbound leakage exist.  • 1, ALERT, is generated from correlation where an inbound attack and an outbound application-level error exist. Security Bootcamp 2014 28
  • 29. 4. Detecting Malicious Links Security Bootcamp 2014 29
  • 30. Detecting Malicious Links  URI Blacklist RBL6  Google’s Safe Browsing API7  ModSecurity  @rbl operator  @gsbLookup operator  @rsub operator  SecGsbLookupDb directive  SecStreamOutBodyInspection directive  SecContentInjection directive  STREAM_OUTPUT_BODY variable Security Bootcamp 2014 30
  • 31. 5. Normalizing Unicode Security Bootcamp 2014 31
  • 32. Normalizing Unicode  Best-Fit Mapping  Detecting Use of Full-/Half-Width Unicode Security Bootcamp 2014 32
  • 33. Best-Fit Mapping %u3008scr%u0131pt%u3009%u212fval(%uFF07al%u212Frt(%22XSS%22)%u02C8)%u23 29/scr%u0131pt%u232A 〈(0x2329) ~= <(0x3c) 〈(0x3008) ~= <(0x3c) <(0xff1c) ~= <(0x3c) ʹ(0x2b9) ~= '(0x27) ʼ(0x2bc) ~= '(0x27) ˈ(0x2c8) ~= '(0x27) ′(0x2032) ~= '(0x27) '(0xff07) ~= '(0x27) Security Bootcamp 2014 33
  • 34. Unicode Mapping Security Bootcamp 2014 34
  • 35. Unicode Mapping Security Bootcamp 2014 35
  • 37. 6. Abnormal Header Ordering Security Bootcamp 2014 37
  • 38. Passive OS fingerprinting Security Bootcamp 2014 38
  • 39. 7. Detecting Page Title Changes Security Bootcamp 2014 39
  • 40. Detecting Page Title Changes Security Bootcamp 2014 40
  • 41. 8. Web Client Device Fingerprinting Security Bootcamp 2014 41
  • 42. Web Client Device Fingerprinting Security Bootcamp 2014 42
  • 43. 9. Slowing Down Automated Attack Tools Security Bootcamp 2014 43
  • 44. Slowing Down Automated Attack Tools Security Bootcamp 2014 44
  • 45. NSM Logstash Elasticsearch Kibana No code required Real-time analysis of streaming data Highly scalable Open source, community driven Security Bootcamp 2014 45
  • 47. “ ” Thank you! Question, huh? FPT TELECOM Security Bootcamp 2014 47