The document discusses a workshop on incident response and handling and digital forensics presented by ACAD-CSIRT. It provides an overview of the incident response process, including preparation, identification, containment, eradication, recovery, and lessons learned. It also discusses the attacker's process and common techniques. The workshop covers the incident response lifecycle in detail and strategies for containment, including quarantining systems, documentation, backups, and digital forensics best practices.
Workshop Computer & Cyber Security, STTB Bandung, 23 December 2017 (IGN MANTRA)
Workshop on computer and cyber security fundamentals with the Windows 7, 8 and 10 operating systems and other tools, organised by HIMA TIF STTB Bandung, 23 December 2017.
With more than 50,000 new malware samples created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap needed for the best protection against cyber attacks. We will provide you with a high-level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
NCSAM = Cyber Security Awareness Month: Trends and Resources (Stephen Cobb)
My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers the fundamentals of Information Security, its evolution, and present-day risks from the IT and telecom infrastructure perspective.
The difference between Cybersecurity and Information Security (PECB)
Cybersecurity is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved and concerned with the security implications of information technology (IT).
• The evolution of Cybersecurity
• Protecting Digital Assets
• Difference between Cybersecurity and Information Security
• Cybersecurity Objectives
• Future of Cybersecurity
Presenter:
Hafiz Adnan is an IT GRC and Security Consultant, Lead Auditor and PECB Certified Trainer with over 11 years of significant, progressive experience in the Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/BA670iVPi5c
Securing Your Digital Files from Legal Threats (Abbie Hosta)
Get ready to learn some immensely powerful tips and management approaches designed to safeguard your firm's digital files from today's growing cyber threats. Dive into Worldox technology and how it helps clients ensure compliance with ABA rules and protect your documents. We'll offer practical guidance and strategies for Worldox users, law firm administrators, and IT managers looking to secure their documents and protect their sensitive client, business and employee information.
Cyber Security Professionals Viewed via Supply Chain (aletarw)
This research examines the issue of supply and demand for cybersecurity professionals to determine how to optimize the output of cybersecurity professionals through a supply chain. It was found that progress is impeded by the lack of a clearly defined and standardized definition of a cybersecurity worker and their associated knowledge, skills, and abilities. There is a known shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of President Obama who declared that the protection of our digital infrastructure is a national security priority. The problem with this declaration is that a literature review confirms there is no standard definition of a cybersecurity worker, associated skills, or educational requirements. The cybersecurity workforce to which we speak in this report consists of those who self-identify as cyber or security specialists as well as those who build and maintain the nation’s critical infrastructure. Considering the criticality of the national infrastructure, it is time for the US to take immediate steps to coordinate the development of the cybersecurity field and its associated workforce supply chain.
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference? (PECB)
Ethical hacking helps organizations prevent the exploitation of vulnerabilities in their systems and data.
Today, several real-world testing methods are used to avoid cyber-attacks and secure important data from exploitation.
The webinar covers:
• Ethical Hacking
• Penetration Testing
• Differences and Similarities
• Types & Stages of Penetration Testing
• Cybersecurity
• Impact of COVID-19 on Cybersecurity
Presenters:
Carl Carpenter
Carl is a former CISO of a $6B entity where he was responsible for protecting data of all types and regulatory environments such as FFIEC, HIPAA, and PCI as well as working with the FBI, IRS, and US Department of Labor around investigations relating to money laundering. He has performed assessments against Fortune 10 and 50 companies in the areas of GDPR, CCPA, ISO/IEC 27001 and currently performs CMMC assessments as well as CMMC pre-audit support to help ensure a successful CMMC audit. Prior to that, Carl retired from the US Military where he was involved in counter-terrorist, counter-narcotics, counter-intelligence operations and training foreign military members in these same concepts. Carl is also a PECB trainer in ISO/IEC 27001, ISO/IEC 27032, and CMMC Foundations and holds numerous other certifications.
In 2016, Carl joined Arrakis Consulting, where he started as an auditor and provided CISO-as-a-Service to small and medium-sized companies that needed more experience without increased cost. In 2017, Carl added active penetration testing to his portfolio of skills and routinely performs penetration tests against companies of all sizes. Carl also trains people on a variety of skills such as penetration testing, network engineering, network administration, the OSI model, subnetting, etc…
Carl holds a Bachelor's degree from Western Governors University in Network Security and Operations as well as numerous certifications from ITIL, Cisco, CompTIA, Microsoft, CMMC-AB, ISACA, OneTrust, RSA, PCI Council, Citrix, and Novell.
Andreas Christoforides
Mr. Christoforides is an active IT auditor and a trainer for various organizations on Information Security Management Systems. He is a member of the Cyprus Computer Society, a PECB certified trainer for ISO/IEC 27001, ISO 22301 and GDPR CDPO, and a former Deputy Head of IT Infrastructure at a leading Bulgarian bank.
In 2019, he joined BEWISE and delivered to clients a wide range of Cybersecurity projects in the areas of strategy, governance and risk management, data privacy and protection (GDPR), and business resilience and recovery. He conducts IT Risk Assessments and develops IT policies and procedures towards establishing an effective and secure IT Governance framework.
Mr. Christoforides holds a BEng degree from Birmingham City University and a variety of other qualifications from Microsoft and CISCO.
YouTube video: https://youtu.be/cTrdBZFIFhM
Website link: https://pecb.com/
The body of technologies, processes and practices designed to protect networks, devices, programs and data from attack, damage, or unauthorized access is referred to as cyber security. It is also known as information technology security. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
Patents are a good information resource for obtaining the state of the art of deep learning for cybersecurity technology innovation insights.
I. Deep Learning for Cybersecurity Technology Innovation Status
Patents that specifically describe the major deep learning applications in cybersecurity are a good indicator of deep learning for cybersecurity innovation within a specific innovating entity. To establish the innovation status of deep learning for cybersecurity, USPTO patent applications published as of May 31, 2020 that specifically describe the major deep learning applications in cybersecurity were searched and reviewed. 31 published patent applications related to key deep learning for cybersecurity innovations were selected for detailed analysis.
II. Deep Learning for Cybersecurity Technology Innovation Details
Patent information can provide many valuable insights that can be exploited for developing and implementing new technologies. Patents can also be exploited to identify new product/service development opportunities.
Industrial IoT Cyber-Attack Detection/General Electric
Malicious Code Detection/Royal Bank of Canada
Cyber Security is the most important constituent of Information Technology that protects all kinds of information systems (personal or professional) against all the vulnerabilities and potential attacks via the internet.
Computer hacking and security - Social Responsibility of IT Professional by M... (Mark John Lado, MIT)
Computer hacking and security - Social Responsibility of IT Professional by Mark John Lado and Franklin Lasdoce
*******
Technology is science or knowledge put into practical use to solve problems or invent useful tools. A computer is one example of technology: it is a programmable electronic device that accepts raw data as input and processes it with a set of instructions (a program) to produce the result as an output.
Technology is robust, and hacking is now common; there are two different types of hacking: ethical hacking and unethical hacking.
The same tools are used by both hackers and ethical hackers. The only difference is that hackers use tools to steal or destroy information, whereas ethical hackers use the same tools to safeguard systems from "hackers with malicious intent". Ethical hacking is legal and is done with permission from the client.
Computer security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
************
At the end of this topic, you will be able to:
1. Tell the definition of computer hacking
2. Recognize ethical hacking and unethical hacking
3. Illustrate what a penetration tester does
4. Summarize the top skills required for cybersecurity jobs
5. Define computer security
6. Recite the different types of computer security
7. Describe the importance of computer security
8. Summarize the objectives for computer security in any organization
9. Discover how to secure your computer from unauthorized access
10. Relate the 15 best practices for computer security and cyber security
11. Recognize social engineering and cyber attacks
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W... (Jane Alexander)
Jane Alexander, CIO, Cleveland Museum of Art
Brian Dawson, CDO, Canada Science and Technology Museums Corporation
Yvel Guelce, Director of Infrastructure Technology, Children's Museum of Indianapolis
IT staff are often seen as the "Bad Guys," naysayers to anything new and exciting, in the quest to protect the organization from security breaches. In this session, four museum IT leaders will show how common struggles in security can be turned around to develop positive partnerships with other departments for proactive risk management.
Ranging from simple to complex, the issues each museum faces transcend cost and institution size. The presenters work at wildly diverse organizations but face surprisingly similar issues. Among the topics they will address are how federal policy requirements and PCI compliance affect their organizations, finding budget-conscious ways to meet the rules, encouraging safe practices by end users, using IT risk management to assist senior staff in making informed decisions, and educating employees at all levels. Attention will be given to the everyday struggles common to all IT professionals, for example changing passwords, Bring Your Own Device, and securely managing information in the cloud. The discussion will then open up to a roundtable format for sharing of successes and frustrations, questions, and comments.
For a college class in Network Security Monitoring at CCSF.
Instructor: Sam Bowne
Course website: https://samsclass.info/50/50_F17.shtml
Based on "The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press, 1st edition (July 26, 2013), ASIN: B00E5REN34.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
This presentation was delivered at BSides Augusta in September 2016. The A/V portion is available here: https://www.youtube.com/watch?v=i6p71t9PFWM
Abstract:
"We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission.
This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection.
- What is Hunting?
- How have we done it?
- What have we found, and what should be done about those findings?
- How might you achieve similar outcomes in your own environment?"
Speakers:
- Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club.
- Danny Akacki (@dakacki) was a Lead Analyst with GE Capital's Applied Intelligence team prior to his employment with Mandiant, and now works for Bank of America's hunt team. He is a pragmatic optimist and believes we are probably screwed, but hopes we aren't. Danny enjoys finding evil on the weekends.
- Stephen Hinck (@stephenhinck) is a Senior Security Analyst at Oracle, Inc. Stephen stumbled into the information security world years ago and has since only managed to dig his way deeper into the rabbit hole. With a background in security operations, incident response and threat hunting, Stephen's experience is multi-faceted. Although he enjoys many things, he absolutely hates writing silly bios like this one.
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D... (Sam Bowne)
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
CNIT 152: 4 Starting the Investigation & 5 Leads (Sam Bowne)
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
BSidesLondon 20th April 2011 - Xavier Mertens (@xme)
========================
Your IT infrastructure generates thousands (millions?) of events a day. They are stored in several places under multiple forms and contain a lot of very interesting information. Using free tools, this presentation will give you some ideas on how to properly manage this continuous flow of information and how to make it more valuable.
For more about Xavier: http://blog.rootshell.be
Similar to 2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia (20)
2019-03-25 acad-csirt career in security to polinela lampung 25 maret 2019 final (IGN MANTRA)
PUBLIC LECTURE: INDONESIA SOCIETY 5.0,
The Importance of Raising Data and Information Security Awareness in Preparation for Society 5.0
POLINELA, Politeknik Negeri Lampung, 25 March 2019
IGN Mantra, ACADEMIC CERT, PERBANAS INSTITUTE
Cyber Security, Career, Computer Security, CIA Confidentiality, Integrity and Availability
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session (IGN MANTRA)
ISO 27001:2013 Awareness, Seminar & Workshop, Indonesia Honeynet Project (IHP), Badan Siber dan Sandi Negara (BSSN), Universitas Syiah Kuala (Unsyiah), 23-24 October 2018
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session (IGN MANTRA)
ISO 27001:2013 Awareness, Seminar & Workshop, Indonesia Honeynet Project (IHP), Badan Siber dan Sandi Negara (BSSN), Universitas Syiah Kuala (Unsyiah), 23-24 October 2018
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session (IGN MANTRA)
ISO 27001:2013 Awareness, Seminar & Workshop, Indonesia Honeynet Project (IHP), Badan Siber dan Sandi Negara (BSSN), Universitas Syiah Kuala (Unsyiah), 23-24 October 2018
SEMINAR Computer & Cyber Security Career in the World, IT UP (IGN MANTRA)
Seminar on careers in Computer and Cyber Security worldwide, held at Informatics Engineering, Universitas Pancasila, 13 April 2018, Multimedia Seminar Room, by IGN Mantra and IMATIKA.
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN... (IGN MANTRA)
Seminar on careers in Computer and Cyber Security + 10 tips for achieving one, including remuneration, certification, obstacles and challenges. STMIK BANISALEH Bekasi, 15 April 2018.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Cosmetic shop management system project report.pdfKamal Acharya
Buying new cosmetic products is difficult. It can even be scary for those who have sensitive skin and are prone to skin trouble. The information needed to alleviate this problem is on the back of each product, but it's thought to interpret those ingredient lists unless you have a background in chemistry.
Instead of buying and hoping for the best, we can use data science to help us predict which products may be good fits for us. It includes various function programs to do the above mentioned tasks.
Data file handling has been effectively used in the program.
The automated cosmetic shop management system should deal with the automation of general workflow and administration process of the shop. The main processes of the system focus on customer's request where the system is able to search the most appropriate products and deliver it to the customers. It should help the employees to quickly identify the list of cosmetic product that have reached the minimum quantity and also keep a track of expired date for each cosmetic product. It should help the employees to find the rack number in which the product is placed.It is also Faster and more efficient way.
Online aptitude test management system project report.pdfKamal Acharya
The purpose of on-line aptitude test system is to take online test in an efficient manner and no time wasting for checking the paper. The main objective of on-line aptitude test system is to efficiently evaluate the candidate thoroughly through a fully automated system that not only saves lot of time but also gives fast results. For students they give papers according to their convenience and time and there is no need of using extra thing like paper, pen etc. This can be used in educational institutions as well as in corporate world. Can be used anywhere any time as it is a web based application (user Location doesn’t matter). No restriction that examiner has to be present when the candidate takes the test.
Every time when lecturers/professors need to conduct examinations they have to sit down think about the questions and then create a whole new set of questions for each and every exam. In some cases the professor may want to give an open book online exam that is the student can take the exam any time anywhere, but the student might have to answer the questions in a limited time period. The professor may want to change the sequence of questions for every student. The problem that a student has is whenever a date for the exam is declared the student has to take it and there is no way he can take it at some other time. This project will create an interface for the examiner to create and store questions in a repository. It will also create an interface for the student to take examinations at his convenience and the questions and/or exams may be timed. Thereby creating an application which can be used by examiners and examinee’s simultaneously.
Examination System is very useful for Teachers/Professors. As in the teaching profession, you are responsible for writing question papers. In the conventional method, you write the question paper on paper, keep question papers separate from answers and all this information you have to keep in a locker to avoid unauthorized access. Using the Examination System you can create a question paper and everything will be written to a single exam file in encrypted format. You can set the General and Administrator password to avoid unauthorized access to your question paper. Every time you start the examination, the program shuffles all the questions and selects them randomly from the database, which reduces the chances of memorizing the questions.
Water billing management system project report.pdfKamal Acharya
Our project entitled “Water Billing Management System” aims is to generate Water bill with all the charges and penalty. Manual system that is employed is extremely laborious and quite inadequate. It only makes the process more difficult and hard.
The aim of our project is to develop a system that is meant to partially computerize the work performed in the Water Board like generating monthly Water bill, record of consuming unit of water, store record of the customer and previous unpaid record.
We used HTML/PHP as front end and MYSQL as back end for developing our project. HTML is primarily a visual design environment. We can create a android application by designing the form and that make up the user interface. Adding android application code to the form and the objects such as buttons and text boxes on them and adding any required support code in additional modular.
MySQL is free open source database that facilitates the effective management of the databases by connecting them to the software. It is a stable ,reliable and the powerful solution with the advanced features and advantages which are as follows: Data Security.MySQL is free open source database that facilitates the effective management of the databases by connecting them to the software.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesChristina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
1. ACAD-CSIRT :
National Cyber Security and
Academic Situational Update
IGN Mantra, Chairman & Founder
Academic CSIRT
mantra@acad-csirt.or.id,
incident@acad-csirt.or.id
Honeynet Universitas Indonesia
Seminar & Workshop
10-11 September 2019
2. Incident Response and Handling
Digital Forensics
IGN MANTRA, CEI
ACAD-CSIRT
Workshop Honeynet Indonesia,
Universitas Indonesia, 11 September 2019
3. Outline
• Introduction
• The Incident Response Process
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons Learned
• The Attacker Process
• Reconnaissance
• Scanning
• Exploitation
• Keeping Access
• Covering Tracks
• Conclusion
4. Introduction
• ACAD-CSIRT
• Academic CSIRT, Indonesia
• Started in 2009, InfoSec Community and CSIRT Academy
• Non Profit Org.
• Support, Consulting, Training, Research Products
• Locations – Jakarta, Tangerang, Bandung, Surabaya, Bali, NAD
• Informatics, Perbanas Institute, Jakarta
• Informatics, Swiss German University, Tangerang
• Informatics, ITS Surabaya
• Assessment Team: Policy, Computer Security, Network, WebApp and
DB, Wireless, and Digital Forensics
5. Introduction
• IGN Mantra - (mantra@acad-csirt.or.id), (incident@acad-csirt.or.id)
• Founder, Co Founder (IDSIRTII), Co Founder (IHP)
• Senior Security Analyst
• Senior Incident Response Analyst
• Coordinator of Incident Response Program
• EC-COUNCIL CEI, SANS Certified Incident Handler and Network
• PhD (candidate), Information Security Research.
6. Incident Response and Digital Forensics
§ One of the least practiced, most stressful and most closely scrutinized areas
of Information Security.
§ Every incident is unique and can incorporate many different areas
of the affected organization.
§ Incident analysts must be able to think quickly, remain calm and
consider all possibilities.
7. Common Incident Types
• Economic Espionage
• Intellectual Property Theft
• Unauthorized Access
• Stolen Passwords and Data
• Unauthorized Use
• Inappropriate E-Mail and Web Habits
• Malicious Code
• Worms with Backdoors (Sasser)
• Insider Threats
9. Preparation:
• The key to a successful response is preparation.
• Form a strategy.
• Design a procedure.
• Gather Resources.
• Practice, practice, practice.
10. Preparation:
• Identify the “Core Team”
• Technical (IT, InfoSec and System Owners)
• Management
• Legal Department
• Forensics
• Public Relations
• Human Resources
• Physical Security and Maintenance
• Telecommunications
11. Preparation:
• Organizing Individuals
• All members of the CSIRT team should know their role and how
they will interact with the other members.
• Outsourced or “third party” members should have contracts in
place.
• Contacts for Law Enforcement should be known and situations
for their involvement discussed.
12. Preparation:
• Develop a Procedure
• Incident response is a high-stress time. A well-documented procedure
that is easy to follow greatly reduces the anxiety.
• Develop a call tree and notification procedures
• Brainstorm likely scenarios.
• Identify general information needed in most scenarios ahead
of time.
• Make checklists and forms for as much as possible.
13. Preparation:
• Communication
• Communication is incredibly important during an incident: not only
who is involved, but also the channel over which it is done.
• Updates should be frequent.
• Out-of-band communications are very important; assume the attacker can
read anything that crosses the compromised network.
• Faxes
• Cell phones
• Be careful with BlackBerrys: mail relayed through the corporate mail
infrastructure is not out-of-band.
14. Preparation:
• Access Rights
• The incident response team must be able to access systems without
waiting for the administrators' authorization.
• Controversial Issue
• User Accounts, Passwords and Encryption keys
• Third-party storage methods are available
15. Preparation:
• Policies
• Protect the organization from legal liability and allow
investigators to do their job.
• Warning banners are displayed at every logon.
• Search policy is detailed in employee manual.
• Human Resources and Legal have signed off.
• Employees have acknowledged that they understand what privacy they
can expect.
• Beware of international laws (European Privacy Directive)
16. Preparation:
• Gathering Resources
• Incident analysts should have all information ready and be able
to respond to the incident.
• Procedures, Checklists and Forms are ready.
• Access credentials are available or individuals with them are
known.
• System information, network diagrams, software and
intellectual property are documented thoroughly.
17. Preparation:
• Training
• SANS Institute and GIAC Certifications
• Track 4: Incident Response and Hacker Techniques
• Track ??: Digital Forensics
• Vendor Training
• Guidance Software
• Access Data
• Partners
• Incident Response Scenarios
19. Incident: Intentional or Unintentional
§ Multiple failed logins to the domain administrator account. Two very
different explanations fit the same symptom:
§ Administrator credentials were cached on a user's workstation and
something on it keeps retrying the stale password, or
§ Someone is actively attempting to brute-force the account.
20. Identification:
• Goals
• Determine Scope
• Identify what systems, people and informational assets are
involved in the event.
• Preserve Evidence
• Protect the facts of the incident while determining the
scenario.
22. Identification: Passive Identification
• Sniffers and Traffic Analysis
• Ring (circular) buffers allow full packet-level recording of events back
to a point in time that depends on buffer size and link utilization.
• Target machine evidence is still preserved.
• Assist in characterizing new attacks for which signatures have not
yet been written.
23. Identification: Passive Identification
• Intrusion Detection Systems
• Least invasive method
• Target machine evidence is preserved
• Logs must still be protected
• Write-Once, Read-Many Media
24. Identification: Passive Identification
• Tripwire-style File Modification
• A hash of each file is taken and stored in a secure database. Any
modification to that file results in a change of the hash.
• Very indicative of a successful compromise.
• Can be noisy during patching and must be re-baselined after every
software upgrade.
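The baseline-and-compare loop described above, as an added example (not code from the slides or from Tripwire): a SHA-256 digest, size and permission bits are recorded for every regular file under a root, and a later snapshot is diffed against the baseline to report modified, added and deleted files. The demo tree is constructed in a temporary directory; the exclusion list and the JSON baseline format are assumptions.

```python
"""Tripwire-style file integrity baseline and comparison.

Added example, not code from the slides or from Tripwire. The demo
tree, the exclusion list and the JSON baseline format are assumptions.
"""
import hashlib
import json
import os
import stat
import tempfile

EXCLUDE_DIRS = {"proc", "sys", "dev", "run"}  # pseudo-filesystems: noise, not evidence


def hash_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large binaries never load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map relative path -> {sha256, size, mode} for every regular file under root.

    mtime is deliberately left out: an intruder can set it to anything,
    so it adds noise without adding assurance.
    """
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in EXCLUDE_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and devices are outside this check
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = {"sha256": hash_file(full), "size": st.st_size,
                            "mode": stat.S_IMODE(st.st_mode)}
    return entries


def save_baseline(entries, path):
    with open(path, "w") as fh:
        json.dump(entries, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def compare(baseline, current):
    """Report paths whose digest, size or mode changed, plus new and missing files."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
    }


def demo():
    """Baseline a tiny constructed tree, simulate an intrusion, diff against it."""
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "root")
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"original ls binary\n")
        with open(os.path.join(root, "passwd"), "w") as fh:
            fh.write("root:x:0:0::/root:/bin/sh\n")
        baseline_path = os.path.join(work, "baseline.json")  # kept outside root
        save_baseline(snapshot(root), baseline_path)

        # Intrusion: ls is trojaned with a same-size replacement, a backdoor
        # is dropped and passwd is removed. A size-only check misses the trojan.
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"trojaned ls binary\n")
        with open(os.path.join(root, "backdoor"), "w") as fh:
            fh.write("#!/bin/sh\n")
        os.remove(os.path.join(root, "passwd"))
        return compare(load_baseline(baseline_path), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two operational points the code cannot enforce: the baseline file must live somewhere the monitored host cannot rewrite (read-only or offline media, as the IDS slide says for logs), and after each patch cycle the new digests should be checked against the vendor's package manifests before they are accepted as the new baseline, otherwise the re-baseline step quietly blesses whatever the intruder changed.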
25. Identification: HoneyPots and HoneyTokens
• Specific systems or accounts with additional logging and
notification to alert on suspicious activity.
• Operators must be careful of entrapment.
• Systems have to be secured and heavily monitored.
• Systems cannot invite intruders –
• No “hackme” accounts
• No “Salary Database” systems
26. Identification: Chain of Custody
• Evidence must be accounted for from the time it is collected
until the time it is submitted to the court.
• Each piece of evidence must be under the control of one,
identifiable person at all times.
• Every change in control of the evidence must be recorded.
• Evidence in storage must be protected from contamination
(i.e. sealed and secured).
27. Containment -
Now that the events have been identified as an incident and a chain of
custody for evidence has been established, we take the first step into
system modification by beginning containment.
28. Containment:
• Vendor Coordination
• Work closely with your vendors and know how to open
security-related tickets with high priority.
• ISPs can prevent some Denial of Service situations.
• Vendors are more familiar with attacks because they have seen them
with other clients and are up-to-date on advisories.
• Additional people working towards identification, containment and
recovery.
• They are used to the pressure.
29. Containment:
• Identifying the Trust Model
• The trust model identifies not only the technology, but also the people that
are involved in the incident.
• What connectivity does the network or system have to other
areas in the organization?
• What information is contained within it?
• Who needs to be involved and to what extent?
30. Containment:
• Documentation Strategies
• Evidence should be collected from most volatile to least volatile, and
from least invasive to most invasive.
• Volatile evidence includes RAM, running processes and active
network connections.
• Be careful about running system commands from anything but trusted
recovery media: the binaries on a compromised host may be trojaned.
31. Containment:
• Should we Quarantine?
• Changes to a system may be observed by an active attacker.
• Rootkits may detect a pulled network connection or extensive
system modification and react to protect the attacker.
• Some exploits are entirely memory resident and will disappear
when the power is pulled.
32. Containment:
• Initial Analysis
• Keep a low profile
• Never analyze the original
• Make frequent updates to CSIRT
• Acquire log files
• Stick to the facts and avoid blame
• Consider all possibilities but keep it simple
33. Containment:
• Backups
• Numerous backups allow both investigation and preservation of evidence.
• Different strategies exist and depend on the situation.
• Original is kept as evidence
• Backup 1 – Placed back in production
• Backup 2 – Forensic Analysis
• Backup 3, 4, etc… separate copies for analysis
34. Containment:
• Digital Forensics
• Repeatable: separate analyses of the same image all yield the same results.
• Requires specialty hardware, software and training.
• Bit by Bit copying and analysis of data.
• Recovery of deleted data.
• Identification of altered system files (trojans) and binaries in a
safe environment.
35. Containment:
• Digital Forensics: Hardware Write Blockers
• No modification to the data itself: we want to observe and duplicate only.
• Hardware device or driver between the acquisition machine and the
target media.
• May use NIC, USB, FireWire or IDE/SCSI channels.
• Intercepts write commands and returns the result the operating system
expects without writing anything.
• Allows browsing of the filesystem during acquisition.
36. Containment:
• Digital Forensics: Forensic Software
• Allows quick and efficient analysis of the information contained on the
device.
• Guidance Software's EnCase is used by law enforcement.
• Linux forensics live CDs are maturing
(a write blocker is still required!).
• Scripts allow quick searching of keywords in files and deleted
data.
• Hash comparisons verify original files, flag known dangerous
applications and help the examiner avoid the bad stuff.
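Slides 26 and 33 to 36 describe one workflow: image the original bit for bit, keep it sealed, verify every copy by hash, work only on copies, and log every hand-off. The script below is an added example (not code from the slides or from any forensic product) that carries that workflow through end to end. The "device" is a constructed file of deterministic bytes in a temporary directory; the block size, the JSON-lines custody record and the custodian names are assumptions. A write blocker between the examiner's machine and the original is still required; software cannot substitute for it.

```python
"""Bit-for-bit acquisition, hash verification and a chain-of-custody log.

Added example, not code from the slides or from any forensic product.
The "device" is a constructed file; the record format, block size and
custodian names are assumptions.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

BLOCK_SIZE = 4096


def sha256_of(path, block_size=BLOCK_SIZE):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(block_size), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image, block_size=BLOCK_SIZE):
    """Copy source to image block by block; return the SHA-256 of what was read."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(block_size), b""):
            digest.update(block)
            dst.write(block)
    stream_hash = digest.hexdigest()
    # Re-read the finished image: the verification must not trust the copy loop.
    if sha256_of(image) != stream_hash:
        raise RuntimeError("image hash differs from source stream; do not proceed")
    os.chmod(image, 0o444)  # the verified image is sealed; analysis runs on copies
    return stream_hash


class CustodyLog:
    """Append-only JSON-lines record of who held which item, when, and its hash."""

    def __init__(self, path):
        self.path = path

    def record(self, item, action, custodian, sha256, note=""):
        entry = {"time": datetime.now(timezone.utc).isoformat(),
                 "item": item, "action": action, "custodian": custodian,
                 "sha256": sha256, "note": note}
        with open(self.path, "a") as fh:
            fh.write(json.dumps(entry) + "\n")
        return entry

    def entries(self):
        with open(self.path) as fh:
            return [json.loads(line) for line in fh if line.strip()]

    def verify(self, item, path):
        """True if the file still matches the last hash recorded for the item."""
        recorded = [e["sha256"] for e in self.entries() if e["item"] == item]
        return bool(recorded) and sha256_of(path) == recorded[-1]


def demo():
    with tempfile.TemporaryDirectory() as work:
        device = os.path.join(work, "sdb")            # stands in for the original disk
        image = os.path.join(work, "sdb.img")          # sealed forensic image
        copy1 = os.path.join(work, "sdb-analysis1.img")  # analyst's working copy
        # Constructed content; deliberately not a multiple of the block size.
        with open(device, "wb") as fh:
            for i in range(3000):
                fh.write(hashlib.sha256(i.to_bytes(4, "big")).digest())
        log = CustodyLog(os.path.join(work, "custody.jsonl"))

        log.record("sdb", "collected", "examiner A", sha256_of(device), "seized from WS-017")
        image_hash = acquire(device, image)
        log.record("sdb.img", "acquired", "examiner A", image_hash, "imaged behind write blocker")
        shutil.copyfile(image, copy1)
        log.record("sdb-analysis1.img", "handed to analyst", "analyst B", sha256_of(copy1))

        before = log.verify("sdb-analysis1.img", copy1)
        with open(copy1, "r+b") as fh:   # the analyst's tooling alters the working copy
            fh.write(b"\x00" * 16)
        after = log.verify("sdb-analysis1.img", copy1)
        return {
            "source_matches_image": sha256_of(device) == image_hash,
            "image_still_verifies": log.verify("sdb.img", image),
            "copy_verified_before": before,
            "copy_verified_after_change": after,
            "custody_entries": len(log.entries()),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The point of the last four lines of demo() is the one slide 33 makes: when a working copy no longer verifies, the sealed image still does, so the analysis can be re-run from a fresh copy and the evidence is not lost.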
37. Containment:
• Digital Forensics: What are we looking for?
• Many areas of interesting data are forgotten about.
• Cached web content
• Email files (PSTs)
• Recoverable Deleted Files
• Specific Incidents: CAD drawings, Engineering diagrams,
Pornography
• Known file signatures of hacking tools, backdoors, etc…
38. Containment:
• Digital Forensics: Other devices?
• May not be admissible as evidence in court, but can assist the incident
handler in the investigation.
• Personal organizers (PIMs): BlackBerry, Palm Pilot, iPAQ.
• SIM Cards/Cell phones
• USB Tokens/Flash Drives
39. Containment:
• Digital Forensics: Not Perfect!
• Some tools have been written specifically to defeat forensic software.
• DoD-style 7-pass random-write method for secure deletion of
magnetic media. (Rainbow Method)
• Windows: Eraser
• Unix: wipe
40. Containment:
• Slowing the Attack
• Change passwords and access rights.
• Change hostnames and IPs.
• Null Route suspicious traffic.
• Block IPs or Networks.
• Apply Patches to similar systems.
• Shutdown services.
41. Eradication -
Once an incident has been contained, we attempt the total removal of
malicious applications from the system or network.
42. Eradication:
• Remove or Restore
• Deciding whether to remove malicious files or restore
from backups is difficult.
• Rootkits almost always demand a rebuild.
• Verification of backups is a must: a backup taken after the
compromise restores the compromise.
• Patches may not be available, and a complete change of
architecture may be necessary.
43. Eradication:
• Improve Defenses
• Implement additional detection and protection methods and
strengthen existing technologies and processes.
• Apply firewall and router filters.
• Perform “mini-assessments” using the same tools and
techniques as your attackers.
• Look for the same exploits and backdoors on multiple
machines.
44. Recovery -
Once the threat has been removed the organization must begin the
process of returning the business to normal operation.
45. Recovery:
• Returning to Operation
• System owners make the final call on returning to production.
• Owners depend on the systems and know their true value.
• If there is disagreement about whether to return to production,
the analysts should document it and the owner should acknowledge
responsibility.
46. Recovery:
• Monitoring
• At this point in the process you should have enough
information to identify the attack if it occurs again.
• Create custom IDS signatures if possible.
• Verify proper operation to baseline configurations.
• Implement additional logging on network, hosts and
applications.
47. Lessons Learned -
The lessons learned meeting provides a method for the organization to
coordinate knowledge of an incident, suggest changes in procedures
and policies for the future and justify the implementation of new
safeguards.
48. Lessons Learned:
• Recap Meeting
• Should occur promptly after eradication of an incident, while details are fresh
in the team members' heads.
• Create a timeline of events.
• Provide a consensus of notes and documentation.
• Finalize facts for a final report.
49. 7 Deadly Sins
• Failure to report/ask for help
• Incomplete/Non-Existent Notes
• Mishandling/Damaging Evidence
• Failure to create backups
• Failure to eradicate or contain
• Failure to prevent re-infection
• Failure to apply lessons learned
50. Attacker Methodology
§ Reconnaissance
§ Profiling the Target
§ Scanning
§ Identifying Weaknesses
§ Exploitation
§ Breaking the Law
§ Keeping Access
§ Backdoors
§ Covering Tracks
§ Staying out of Jail
51. Reconnaissance:
• The target is profiled –
• Employee Information (name, numbers, titles)
• Systems Information (usenet postings, job listings)
• Process Information (vendors and transactions)
• Location Information (external networks, physical locations)
52. Scanning:
• Port and Vulnerability scanners are run to identify vulnerable
systems.
• Open Ports and Services
• Vulnerable Applications
• Default Usernames and Passwords
• Weak Encryption Implementations
53. Exploitation:
• Execution of attack – usually the first point at which the law is
broken.
• Goals
• Gaining Access
• Elevating Access
• Extracting Information
• Denying Service (DoS)
54. Keeping Access:
• Addition of Admin-level User Accounts
• Enabling of default, insecure services
• Installation of “Backdoor” or “root kit” applications allowing the
attacker to retain access despite system modifications.
• Application Level
• Traditional Rootkit
• Kernel Level Rootkit
55. Covering Tracks:
• Modification of system logs, applications and processes to prevent
identification by administrators.
• Hiding files and directories ("…" and alt-255 directory names)
• Changes in /var/log
• Changes in shell history
• Removal of events (Windows event logs)
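Each of the tricks on this slide leaves something a defender can look for. The script below is an added example (not code from the slides) with three checks over a filesystem root: names built to vanish in a listing (dot-only names such as "...", leading or trailing spaces, a non-breaking space or other invisible character, the alt-255 trick), shell history files emptied or pointed at /dev/null, and logs truncated to zero or whose modification time was set back behind their rotated predecessor. The tree is constructed in a temporary directory; which paths count as history and log files is an assumption, and a zero-length log can also be a fresh rotation, so every hit is a lead to examine, not a verdict.

```python
"""Hunting for the track-covering tricks on slide 55.

Added example, not code from the slides. The tree is constructed; the
history and log locations are assumptions; hits are leads, not verdicts.
"""
import os
import tempfile
import unicodedata

INVISIBLE_CATEGORIES = {"Cc", "Cf", "Cs", "Co", "Zs", "Zl", "Zp"}
HISTORY_FILES = (".bash_history", ".zsh_history", ".sh_history")


def suspicious_name(name):
    """True for names that render blank or misleading in a directory listing."""
    if name in (".", ".."):
        return False
    if name.strip(". \t") == "":          # "...", "....", " " and similar
        return True
    if name != name.strip():              # leading or trailing whitespace
        return True
    for ch in name:
        if ch == " ":
            continue
        # NBSP (alt-255 style), control characters, undecodable bytes
        if unicodedata.category(ch) in INVISIBLE_CATEGORIES:
            return True
    return False


def rel(root, path):
    return os.path.relpath(path, root).replace(os.sep, "/")


def hunt(root, log_dir="var/log", home_dir="home"):
    """Return sorted (check, relative path) findings for the three checks."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if suspicious_name(name):
                findings.add(("hidden-name", rel(root, os.path.join(dirpath, name))))

    homes = os.path.join(root, home_dir)
    if os.path.isdir(homes):
        for user in os.listdir(homes):
            for hist in HISTORY_FILES:
                path = os.path.join(homes, user, hist)
                if os.path.islink(path) and os.readlink(path) == "/dev/null":
                    findings.add(("history-nulled", rel(root, path)))
                elif os.path.isfile(path) and os.path.getsize(path) == 0:
                    findings.add(("history-emptied", rel(root, path)))

    logs = os.path.join(root, log_dir)
    if os.path.isdir(logs):
        for name in os.listdir(logs):
            path = os.path.join(logs, name)
            if not os.path.isfile(path):
                continue
            if os.path.getsize(path) == 0:
                findings.add(("log-truncated", rel(root, path)))
            rotated = path + ".1"   # a live log older than its rotation was touched backwards
            if os.path.isfile(rotated) and os.path.getmtime(path) < os.path.getmtime(rotated):
                findings.add(("log-backdated", rel(root, path)))
    return sorted(findings)


def demo():
    """Build a constructed tree with benign and tampered parts, then hunt it."""
    with tempfile.TemporaryDirectory() as root:
        def write(relpath, content):
            path = os.path.join(root, relpath)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
            return path

        write("usr/bin/ls", b"binary")                                   # benign
        write("var/log/syslog", b"Sep 11 08:00:00 host kernel: up\n")    # benign
        write("var/log/auth.log.1", b"old entries\n")                    # benign rotation
        write("home/alice/.bash_history", b"ls -la\n")                   # benign
        os.makedirs(os.path.join(root, "tmp", "..."))                    # dot-only name
        os.makedirs(os.path.join(root, "tmp", "\u00a0"))                 # blank-looking name
        os.makedirs(os.path.join(root, "tmp", "lib "))                   # trailing space
        bob_hist = os.path.join(root, "home", "bob", ".bash_history")
        os.makedirs(os.path.dirname(bob_hist))
        os.symlink("/dev/null", bob_hist)                                # history discarded
        write("home/carol/.bash_history", b"")                           # history emptied
        write("var/log/wtmp", b"")                                       # login record wiped
        auth = write("var/log/auth.log", b"Sep 11 08:05:00 host sshd: Accepted\n")
        old = os.path.getmtime(os.path.join(root, "var/log/auth.log.1")) - 7 * 86400
        os.utime(auth, (old, old))                                       # timestamp set back
        return hunt(root)


if __name__ == "__main__":
    for check, path in demo():
        print(f"{check:16} {path!r}")
```

Run the real thing from trusted media against a mounted image, never with the suspect host's own `ls` and `find`: the slide's previous point about trojaned binaries applies, and a kernel rootkit can hide the very names this script is looking for from a live system.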
56. Our Example Scenario
• An attacker uses a “0-day” exploit to infiltrate the target organization,
install a backdoor and retrieve critical intellectual property for a
competitor.
• Normal security procedures alert the administrators to suspicious
activity and the incident response plan is activated.
58. Attacker Perspective: Reconnaissance
• Google and the corporate web site are used to identify the
organizational structure and key personnel, including HR managers and
executive management.
• Low profile: no data is sent directly to the organization.
• Cannot be detected by the target.
59. Attacker Perspective: Harvesting
• Freely-available scanning tools are used to identify email addresses
from the corporate website.
• Same method as spam groups.
• Many sites do not use generic web addresses.
60. Attacker Perspective: Exploitation
• Attacker sends a malicious application to the email addresses obtained
during harvesting.
• Users open the attachment (possibly through social engineering) and are
immediately infected.
• The attacker can be listening for connections from the infected machines and
have immediate control over them.
63. Incident Timeline: Preparation
• IR Team established and roles defined.
• Daily procedures established for log analysis and identification.
• Containment procedures are outlined in policy. (Restoration takes
priority)
• Roles and Responsibilities are defined
65. Incident Timeline: Containment
• No "watch and learn" policy: power is pulled from the host.
• System is imaged using forensic tools and hardware write blockers,
which prevent alteration of data during the copy.
• Employee is interviewed to determine the method of infection.
66. Incident Timeline: Eradication and Recovery
• System is restored from the organization's hardened base image and
patches are applied. (Analysis continues on the forensic copies through the restore.)