TWCSIRT is a full member of FIRST and mainly focuses on the protection of NARLabs, TANet and TWAREN. We defend against cyber-attacks from the internet and, according to government policy, handle incidents every day. I am a research fellow with the National Center for High-performance Computing and lead the cyber security team that operates the security operation center handling incidents in the Taiwan Academic Network.
In our government research project, we have deployed the biggest honeynet in Taiwan and used over 6000 IP addresses to detect malicious network attacks coming from the internet.
We have published our malware knowledge base to share malware samples and reports with many researchers, students and research centers, and to share our data set for deep tracking of cyber security.
There are many new types of cyber-attack, including ransomware, website mining, DDoS and hybrid malicious attacks.
Main Points:
- What’s TWCSIRT Mission and Scope
- How to coordinate in National level with ISAC, CERT and SOC
- Cyber-attack and threat hunting in Taiwan Academic Network
- How to develop cyber security platform for incident handling
- How to do red team and blue team training by CDX
A short talk about IoT security, especially IoT pentesting for beginners. What exactly is IoT, and how do we test it?
Live on Ethical Hacker Indonesia
April 14th 2020
Yesterday Pierluigi Paganini, CISO Bit4Id and founder Security Affairs, presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issues for the Internet of Things, a technology that is changing user’s perception of the technology.
Enabling Data Protection through PKI encryption in IoT m-Health Devices - Charalampos Doukas
Short presentation about a gateway-based solution for medical data encryption and the Internet of Things. Paper presented at 12th IEEE International Conference on BioInformatics and BioEngineering
Slides I presented at the MII-Intel Seminar (Jakarta, 30/10/2019)
IoT is the Future. Or even, IoT is widely adopted now.
Are you sure you are prepared enough for it? Are you confident that your IoT solution is secure?
Presented by Paul Wilson, Director General of APNIC and Chair of APrIGF Multistakeholder Steering Group at the Asia Pacific Internet Leadership Program as part of 2016 APrIGF Taipei
This presentation was given at the OWASP Thailand Chapter Meeting 5/2019 (July 25). It is about how to design data architecture and secure software in order to protect an organization from regulatory penalties caused by data breaches. However, this slide deck is still incomplete and needs more clarification, so it would be useful for those who attended the meeting. Be careful with distribution.
This talk revisits the 2016 Mirai attack which targeted IoT devices including IP cameras, WiFi-connected refrigerators, home routers, and more. The resulting botnet was used to attack Dyn’s DNS platform, which affected many websites including Twitter, SoundCloud, Airbnb, and Spotify.
You will learn and discuss the answers to these questions and more:
• What is the current state of Mirai and Mirai variants?
• What Distributed Denial of Service (DDoS) defenses do you have in place?
• How can you prepare to detect and defend against this botnet malware?
• What is recommended in the September 2018 NISTIR Draft, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks?
Confusion and deception: new tools for data protection - Priyanka Aash
Cyberthreats are asymmetric risks: corporate defenders must secure and detect everything, but the attacker needs to exploit only once. As petabytes of data traverse the ecosystem, legacy data protection methods leave many gaps. By looking through the adversary’s eyes, you can create subterfuges, delay attack progress or reduce the value of any data ultimately accessed—and shift the risk equation.
(Source : RSA Conference USA 2017)
The Internet of Things (IoT) is a thriving network of smart objects where one physical object can exchange information with another physical object. In today’s Internet of Things (IoT), the interest is the concealment and security of data in a network. Intrusion into the Internet of Things (IoT) exposes the extent to which the internet of things is vulnerable to attacks and how such attacks can be detected to prevent extreme damage. The paper emphasises threats, vulnerabilities, attacks and possible methods of detecting intruders to stop the system from further destruction; it proposes a way out of the impending security situation of the Internet of Things using IPv6 Low-power Wireless Personal Area Network.
This talk summarizes the state of IoT security, specifically as it relates to Industrial Control and Energy. When hearing the buzz-word “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. Industrial Control Systems (ICS) are not unique snowflakes anymore but use the same ubiquitous technology as found in consumer IoT devices. This presentation summarizes our experiences at Senrio exploiting embedded systems and discusses the reasons why these insecure design patterns exist, including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting (including real vulnerabilities and how they work).
In January IBM Security Systems has announced a new solution wherein it combines the security intelligence capabilities of QRadar SIEM and Big Data + analytics to
An in-depth presentation covering market trends and risks related to network security and big data analytics. The presentation was given by Matan Trogan at Cybertech Singapore.
(SACON) Nilanjan, Jitendra Chauhan & Abhisek Datta - How does an attacker kno... - Priyanka Aash
It is possible to create a comprehensive attack surface of any organization just with open data available on the public internet. It is possible to search for vulnerable targets and compromise them. Organizations can be compromised without any RCE vulnerability. It is possible to create an in-house team to continuously monitor your attack surface and fix flaws before attackers find them.
Fixing the Last Missing Piece in Securing IoT - NUS-ISS
By Mr Ng Kok Leong, Senior Lecturer & Consultant, Digital Strategy & Leadership Practice, NUS-ISS for the NUS-ISS SkillsFuture Series Seminar: Cybersecurity in Smart Nation (26 June 2019)
Presentation of the "State of the Art of IoT Honeypots" technical report developed for the Seminar in Advanced Topics in Computer Science course of the Master's Degree in Engineering in Computer Science, Cyber Security curriculum, at the University of Rome "La Sapienza".
Link: https://www.slideshare.net/secret/EfL8YbinRZjDPS
As threats are increasingly more sophisticated and targeted, traditional anti-virus detection is struggling to keep up. The traditional approach focuses on using fingerprint signatures of known malware to identify malware in the enterprise. This method of fingerprinting for detection is not only easily evaded, but it provides limited value to detecting targeted attacks against companies and emerging threats.
To combat this problem, Invincea developed a novel method for detecting and analyzing previously unknown malware and 0-day exploits. The advanced detection approach runs in conjunction with Invincea’s secure virtual container, which is used to isolate the operating system and user data from exploits against vulnerable applications. By running high-risk apps like web browsers in a secure container, no prior knowledge of threats, including signatures and IOCs, is required in order to prevent damage to the system and loss of data.
The number of embedded systems connecting to the Internet, or the "Internet of Things" (IoT), grows year by year. Thus, IoT ecosystems become new targets for attackers. This presentation will talk about the basic principles of information security, why we need to secure IoT ecosystems, and also the vulnerabilities and solutions from OWASP.
Harness Your Code, Unleash Your Creativity: Your Team's Pragmatic Guide to Se... - Aggregage
The pandemic has led to new data vulnerabilities, and therefore new cybersecurity threats. As technology leaders, it's time to rethink some of your product security strategies. Whether you need to rework your security architecture, improve performance, and/or deal with new threats, this webinar has you covered.
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats - Emulex Corporation
Data centers move exabytes of data through their networks. This explosive growth in network traffic has put demands on data centers to adapt and add new technologies and standards to keep pace and make information easily accessible. Our personal information, company IP assets and sensitive data run across these networks, which are constantly under persistent and malicious cyber attacks looking for vulnerabilities. IT security teams have to protect complex networks that are growing in size and complexity. They call for a new approach to gaining full – rather than partial – visibility into network behavior to stop downtime losses and data leaks.
Providing 1-to-1 NetFlow generation, then collecting the data and analyzing the flow records, is essential to time-to-resolution (TTR). To help you take full advantage of valuable NetFlow data for use in network security management, Emulex and Lancope have created a best-in-class network and security solution that allows you to quickly and continuously monitor the makeup of the traffic traversing your network.
In this webinar, we’ll explore why network security management is crucial in managing functionality and visibility of an organization’s network infrastructure and how Emulex helps address these deployment requirements. We'll also explore what matters most when network security is breached, and share some best practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.
Preparing for the Cybersecurity Renaissance - Cloudera, Inc.
We are in the midst of a fundamental shift in the way in which organizations protect themselves from the modern adversary.
Traditional rules-based cybersecurity applications of the past are not able to protect organizations in the new mobile, social, and hyper-connected world they now operate within. However, the convergence of big data technology, analytic advancements, and a variety of other factors has sparked a cybersecurity renaissance that will forever change the way in which organizations protect themselves.
Join Rocky DeStefano, Cloudera's Cybersecurity subject matter expert, as he explores how modern organizations are protecting themselves from more frequent, sophisticated attacks.
During this webinar you will learn about:
- The current challenges cybersecurity professionals are facing today
- How big data technologies are extending the capabilities of cybersecurity applications
- Cloudera customers that are future-proofing their cybersecurity posture with Cloudera’s next generation data and analytics management system
Distributed Sensor Data Contextualization for Threat Intelligence Analysis - Jason Trost
As organizations operationalize diverse network sensors of various types, from passive sensors to DNS sinkholes to honeypots, there are many opportunities to combine this data for increased contextual awareness for network defense and threat intelligence analysis. In this presentation, we discuss our experiences by analyzing data collected from distributed honeypot sensors, p0f, snort/suricata, and botnet sinkholes as well as enrichments from PDNS and malware sandboxing. We talk through how we can answer the following questions in an automated fashion: What is the profile of the attacking system? Is the host scanning/attacking my network an infected workstation, an ephemeral scanning/exploitation box, or a compromised web server? If it is a compromised server, what are some possible vulnerabilities exploited by the attacker? What vulnerabilities (CVEs) has this attacker been seen exploiting in the wild and what tools do they drop? Is this attack part of a distributed campaign or is it limited to my network?
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ... - Sean Whalen
Respond proactively to threats like a defense contractor. It’s more realistic than you might think!
A practical guide of how to build intelligence-driven cyber defenses using open source software, based on real implementations of best practices, adapted from the Lockheed Martin Cyber Kill Chain model.
Security Delivery Platform: Best practices - Mihajlo Prerad
The traditional security model was one that operated under simple assumptions. Those assumptions led to deployment models which, in today’s world of cyber security, have been proven to be quite vulnerable and inadequate to the growing amount and diversity of threats.
A Security Delivery Platform addresses the above considerations and provides a powerful solution for deploying a diverse set of security solutions, as well as scaling each security solution beyond traditional deployments. Such a platform delivers visibility into the lateral movement of malware, accelerates the detection of exfiltration activity, and can significantly reduce the overhead, complexity and costs associated with such security deployments.
In today’s world of industrialized and well-organized cyber threats, it is no longer sufficient to focus on the security applications exclusively. Focusing on how those solutions get deployed together and how they get consistent access to relevant data is a critical piece of the solution. A Security Delivery Platform in this sense is a foundational building block of any cyber security strategy.
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX - NGINX, Inc.
With advancing technology and the ever-evolving landscape of cybercrime, it is more important today than ever to reduce file-borne attacks, secure encrypted traffic, and protect your networks.
In this webinar, we discuss the latest developments in the threat landscape, why shared responsibility matters for critical infrastructure, and how you can mitigate future threat vectors with the F5 NGINX Plus Certified Module from OPSWAT.
Yono REKSOPRODJO, Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea... - REVULN
The rapid development of information and communication technology brings significant change to human life. In the past, people got information through conventional media such as newspapers, radio, and television. Today, the public relies heavily on digital media consisting of social media and online media that are in the grip of the internet network, which provides wide-ranging information in a speedy manner. The phenomenon of hoaxes in social media is part of the information warfare in the cyberspace dimension. Hoaxes, as a tactic of choice in propaganda, are defined as misleading information attacks on various aspects, including health, economy, disaster events, and politics. People who lack an understanding of propaganda tactics, such as how news and information are addressed in digital media, are often fooled by hoaxes that may appear as texts, pictures or videos. The spread of hoaxes may become uncontrollable due to the many parties who deliberately spread hoaxes for a particular interest with anonymous accounts, fake accounts and so-called bots. The transmission of hoaxes is a global phenomenon today, affecting many countries. Hoaxes that are spread in cyberspace are difficult to control without solid cooperation between government and society. This means of bad intention, spreading news as an asymmetric weapon, is extensively exercised during any political election period. This paper is an analysis of hoax cases that occurred at the time of the Jakarta Gubernatorial Election 2017 as a case study.
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis... - REVULN
Hacktivism, commonly known as actions by individuals or groups that use hacking skills to spread a specific message and bring attention to a political or social cause, has risen and then fallen globally in the past five years. In the meantime, hacktivist activities have evolved, with an increase in state-sponsored hacktivism using false hacktivist personas, and the appearance of hacktivists who could also be described as "entrepreneurial geeks." Not all hacktivists break into network systems; some perform troll activities to create online disruptions on social media to accomplish their goals. The recent phenomenon of fandom nationalists turned trolls adds another layer to the many roles of hacktivism.
This talk will discuss the role of hacktivism in information operations through case studies of hacktivist activities from various regions and countries, and provide insight into the structure, organization, motivations, goals, tactics, techniques, and procedures (TTPs) of these hacktivist groups. The talk will also analyze how other threat actors utilize hacktivists to conduct information operations. Lastly, the talk will reflect on the future direction of global hacktivism in information operations as geopolitical tensions among major powers increase and nation-states reposition their cyber defense posture.
Hacktivism is evolving in the disinformation age, with traditional hacktivist activities of breaking into systems and emerging hacktivist activities of creating online disruptions without breaking into systems. Hacktivist actors are not only non-state actors, but also nation-state actors who use false hacktivist personas to conduct information operations.
Isao MATSUNAMI - Digital security in Japanese journalism - REVULN
Massive leaks such as Wikileaks, the Panama Papers and Snowden have made journalists realize that the good old "just-meet-people-shoot-photo" days are gone.
Getting leaked documents over the internet, grappling with data formats, processing text with machine learning and protecting sources from surveillance are all becoming the new norm for journalism.
However, reporters, generally and historically, would be the last species to understand digital technology and data-oriented thinking.
I would like to share my experiences of teaching digital security to journalists and discuss difficulties of journalism in this post-truth world.
Chung-Jui LAI - Polarization of Political Opinion by News Media - REVULN
In the 2016 US election, social media played a vital role in shaping public opinion as expressed by the news media, which has created the phenomenon of polarization in the United States. Because social media gave people the ability to follow, share, post and comment on everything, the phenomenon of political opinions being spread easily and quickly on social media by the news agencies is bringing about a significantly polarized populace.
Consequently, it’s very important to understand the language differences on Twitter and figure out how propaganda is spread by different political parties to influence or perhaps mislead public opinion. This talk will introduce the relationship among social media, public opinion, and news media, then suggest a method to collect tweets from Twitter and conduct sentiment and logistic regression analysis on them. Furthermore, this talk points out the special aspect of the relationship between polarization and the topic of this conference (fake news, disinformation and propaganda).
Main points:
- situation in Taiwan
- research on fake news
- methods for fighting fake news
Stewart MACKENZIE - The edge of the Internet is becoming the center - REVULN
The edge of the Internet is growing exponentially. NetFutures predicts that by 2027 we'll have 1000+ devices per person.
Data is generated on the edge of the Internet, and due to sociological and technical reasons the Internet, in the form of social networks, amplifies any voice no matter how small. This leads to a bombardment of information, so filtering out manipulations and fake news from relevant information becomes harder.
This talk discusses the circumstances leading up to the current situation we're in and unveils a new internet protocol implementation designed to operate at the edge of the internet which builds the concept of provenance into data. A potential solution to the problem of fake news as proving data provenance allows you to authenticate the source or publisher of images, videos and text.
Masayuki HATTA - Debunking toxic "Matome sites" in Japan - REVULN
"Matome" sites (pronounced "maa-tou-mee", roughly meaning "edited / curated") are a unique byproduct of Japanese online culture.
They aggregate comments from other sources including anonymous BBSs (typically 2ch / 5ch) and present them in a readable way (with online ads).
Matome sites have been known as sources of disinformation and defamation, and in recent years some of them became go-to places for "Netouyo" (Japanese internet far-rightists) and became quite influential.
In this presentation, I will give you a brief introduction of Japanese matome sites and their influences, then explain the recent efforts to debunk some of the most notorious ones.
Based on the judicial records, leaked internal documents, etc., the presentation will explain the entire ecosystem of Japanese matome sites.
Main points:
- The business model of matome sites
- The rise and fall of "Hoshu Sokuhou", one of the most influential matome sites.
- How "netgeek" operates, a notorious viral media.
- Debunking "Anonymous Post", or how to find out the anonymous operator of a matome site.
General overview of AFP's work in the region, examples of disinformation and how the team debunked them, work with Facebook to take enforcement action to prevent their further spread online.
Dominic WAI - When would using a computer be a crime? - REVULN
An analysis of section 161 of the Crimes Ordinance and sharing of case law on this offence.
http://www.onc.hk/wp-content/uploads/2018/09/1809_Criminal_EN.pdf
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp... - REVULN
The Data Privacy Act of the Philippines was enacted into law in March of 2012. This led to the creation of the National Privacy Commission (NPC) in 2016, which is mandated to administer its implementation. More than two years after its creation, the NPC has successfully championed its cause from awareness to compliance and enforcement, with the registration of more than 30,000 Data Protection Officers (DPOs), more than 1,000 complaints and cases accepted, and headlines in the Philippines as one of the most popular government agencies because of its strict implementation of the law. Among its most popular implementations is its Five Pillars of Compliance, which has been regarded as one of the most successful implementations compared with other countries. Republic Act 10173, otherwise known as the Data Privacy Act (DPA) of 2012, was passed into law in 2012 in the Philippines. The law requires that all Personal Information Controllers (PIC) and Personal Information Processors (PIP) must appoint a Data Protection Officer (DPO) to manage compliance with the DPA and other applicable laws and policies. In addition, having a DPO will ensure the protection of personal data collection and processing in accordance with the requirements of the law.
Having a DPO will also ensure the organization’s competitive advantage in this digital age of data protection.
As a data protection officer, he/she must monitor the organization’s compliance with the DPA, its implementing rules and regulations and other issuances by the National Privacy Commission, including the conduct of Privacy Impact Assessments, the creation of a Privacy Management Program and Privacy Manual, and the conduct of Breach Reporting Procedures.
In addition, a DPO should cultivate awareness to promote a culture of privacy not only within the organization, but also across the entire country.
The presentation will also present some issues surrounding the digital world, including some potential breaches that may affect each individual and organization. It will also present a compilation of the most common breaches that have happened in the Philippines and how to avoid them. Technical, physical and organizational security measures will also be discussed in the presentation.
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr... - REVULN
In July 2016, the ATM heist of Taiwan First Bank was based on the well-known Carberp malware family. The threat of cybercrime is becoming increasingly complex and diverse, putting citizens’ data or money in danger. Cybercrime threats often originate from trusted, malicious, or negligent insiders who have excessive access privileges to sensitive data. The analysis of ATM heist threats presents many opportunities for improving the quality and value of digital evidence. This talk will introduce some OSINT methods that can help investigators perform a cybercrime investigation process in a forensically sound and timely manner. This talk further points out cybercrime investigation, digital forensics, and ICT governance for fighting against cybercrime issues. It requires the sincere examination of all available data volumes at a crime scene or in a lab to present digital evidence in a court of law.
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...REVULN
Phishing, an old and traditional attack, is still a thing.
Hundreds of phishing websites are launched every day, threatening people around the world. The Anti-Phishing Working Group (APWG) reports that it detected 150,000+ phishing websites in the third quarter of 2018.
Sometimes phishing actors make OPSEC failures, and thanks to that researchers can obtain a phishing kit (a package used to deploy a phishing website).
We have collected 18,000+ phishing kits based on OSINT and analyzed the mechanisms of phishing websites and the phishing actors themselves.
In this presentation, we will show the following findings.
- How to collect phishing kits based on OSINT data.
- Analysis of phishing actors:
- Who develops a phishing kit, how it is distributed, etc.
- A methodology to identify a phishing actor from the information (email, username and signature) left inside a phishing kit.
- An analysis of Indonesian phishing actors who target Asian countries.
- Especially an actor named DevilScream/Z1Coder, who develops the infamous phishing kit "16shop".
Finally, we will show the countermeasures we have taken against phishing websites and actors.
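The attribution step described above (pulling email addresses, usernames and signatures out of a kit and pivoting on them) is shown here as an added example; it is not code from the talk or its authors. The kit contents are a constructed, harmless stand-in for the PHP files of a real kit, and the regular expressions encode the patterns such kits commonly leak (a `$to`/`$send` variable or literal `mail()` target holding the exfiltration address, and author banners in comments), not any specific kit.

```python
"""Pull actor indicators out of a phishing kit's source files.

Added example (not code from the talk or its authors). The kit below is a
constructed, harmless stand-in: three files with the kinds of artefacts real
kits leak (exfiltration e-mail addresses, author banners, handles). The
regexes encode common patterns, not any specific kit.
"""
import re
from collections import defaultdict

# Constructed sample kit, filename -> file contents. Not a real kit.
SAMPLE_KIT = {
    "login.php": (
        "<?php\n"
        "// Coded by dev_example - contact dev_example@example.net\n"
        "$send = \"drop1@example.org\";\n"
        "$subject = \"New Login\";\n"
        "mail($send, $subject, $message, $headers);\n"
    ),
    "next.php": (
        "<?php\n"
        "$to = 'drop2@example.org';\n"
        "mail('drop1@example.org', 'Result', $msg);\n"
    ),
    "readme.txt": "constructed sample kit\n## by dev_example ##\n",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Variables kits commonly use to hold the exfiltration address, and literal mail() targets.
DROP_VAR_RE = re.compile(r"\$(?:to|send|recipient|email)\s*=\s*['\"]([^'\"]+)['\"]", re.I)
MAIL_CALL_RE = re.compile(r"\bmail\(\s*['\"]([^'\"]+)['\"]", re.I)
# Author banners left in comments or readme files ("Coded by X", "## by X ##").
SIGNATURE_RE = re.compile(r"\b(?:coded|created|made|by)\s+(?:by\s+)?([A-Za-z][A-Za-z0-9_.-]{2,})", re.I)


def extract_indicators(kit):
    """Return the e-mail addresses, drop addresses and signatures found in a kit."""
    drop_emails, all_emails, signatures = set(), set(), set()
    by_file = defaultdict(set)
    for name, text in kit.items():
        for addr in EMAIL_RE.findall(text):
            all_emails.add(addr.lower())
        for addr in DROP_VAR_RE.findall(text) + MAIL_CALL_RE.findall(text):
            if EMAIL_RE.fullmatch(addr):           # ignore non-address literals
                drop_emails.add(addr.lower())
                by_file[name].add(addr.lower())
        for handle in SIGNATURE_RE.findall(text):
            signatures.add(handle.lower())
    return {
        "drop_emails": drop_emails,
        "all_emails": all_emails,
        "signatures": signatures,
        "drop_by_file": dict(by_file),
    }


def correlate(indicators):
    """Handles that appear both as a signature and as the local part of an e-mail address.

    A handle reused across a banner and a mailbox is a stronger OSINT pivot
    (search engines, forums, other kits) than either artefact alone.
    """
    local_parts = {addr.split("@", 1)[0] for addr in indicators["all_emails"]}
    return sorted(indicators["signatures"] & local_parts)


if __name__ == "__main__":
    found = extract_indicators(SAMPLE_KIT)
    print("drop addresses:", sorted(found["drop_emails"]))
    print("signatures:", sorted(found["signatures"]))
    print("pivot handles:", correlate(found))
```

The drop addresses are the operational indicators (where stolen credentials go); the signature-to-mailbox correlation is what turns them into a lead on the actor.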
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan Academic Network
1. Cyber Security, Threat Hunting and Defense Challenge in Taiwan Academic Network
NCHC/TWCSIRT Research Fellow
Yi-Lang Tsai
2. Google Me.
• Yi-Lang Tsai (蔡一郎)
• Research Fellow, NCHC (National Center for High-performance Computing)
• Leader, TWCSIRT (Taiwan Computer Security Incident Response Team)
• Leader, Security Operation Center for NCHC
• Leader / Project Manager, Security Operation Center for TANet (Taiwan Academic Network)
• Leader, The Honeynet Project Taiwan Chapter
• Leader, OWASP Taiwan Chapter
• Leader, Cloud Security Alliance Taiwan Chapter
• Chairman, Taiwan Cyber Security Alliance
• Chairman, HoneyCon (since 2009), CSA Taiwan Summit (since 2013), IRCON (since 2015)
• Director and Supervisor, Academia-Industry Consortium for Southern Taiwan Science Park (AICSP)
• Supervisor, Data Protection Association (CDPA)
• Director, Digital Transformation Association (DTA)
• ISMS Auditor, Taiwan Government annual auditing program
• Freelance author, 35 computer books and 80+ articles
• Blog: http://blog.yilang.org/
• Facebook, LinkedIn: Yi-Lang Tsai
3. Agenda
• About NCHC and TWCSIRT
• ISAC, CERT and SOC Framework
• Cyber Threat Hunting
• T.I.P design and development
• Case Study
- Anti-DDoS in Academic Network
- Malware Knowledge Database
- Cyber Defense Exercise
5. Vision and Mission for NCHC
Become a world-class supercomputing and big data center.
Enable scientific discoveries and technical innovation through prospective computing technology and platforms.
6. NCHC Milestones
Sites: Hsinchu Headquarters, Taichung Office, Tainan Office
Certifications:
✓ ISO 9001:2015
✓ ISO 27001:2013
✓ CSA STAR Level 2 Gold Award
✓ BS 10012
Timeline:
• 1991: Taiwan's first national-level supercomputer center
• 1993: Hsinchu headquarters
• 2003: NPO under NARLabs
• 2004: TWAREN services at 10G
• 2005: Tainan office
• 2008: Taichung office
• 2011: 177 TF Windrider supercomputer
• 2016: 100G network backbone
• 2017: 1.33 PF peta-scale HPC
• 2018: Start deploying AI platform
7.
Hardware - whole system
• 252 nodes / 9072 CPU cores / 2016 GPUs
• 193.5 TB memory
• 10 PB storage
• EDR InfiniBand 100 Gbps
• 1.2 PUE (warm water cooling)
Hardware - single node
• Intel Xeon Gold CPU x 2
• Nvidia Tesla V100 w/ 32 GB x 8
• 768 GB memory
• 240 GB SSD + 4 TB NVMe
Software environment
• Slurm / Kubernetes
• Nvidia NGC Docker
• Ceph
• Spectrum Scale (GPFS)
• CentOS
AI frameworks
• TensorFlow
• Caffe / Caffe2
• PyTorch / Torch
• ... and more
8. About TWCSIRT
• TWCSIRT has been hosted by NCHC since 2014
• Full member of FIRST since March 2015
• Joined G-ISAC as a full member in Taiwan
• Located in the NCHC Tainan Business Unit
• Vision and Mission
– Handling information security incidents in TWAREN (NCHC) and TANet (MOE)
– Advanced information security research and framework development
9. About IRCON
• Issue analysis and information sharing to put cyber threats under control
• Establish TWCSIRT (Taiwan Computer Security Incident Response Team) to keep up with international security organizations
• NCHC has hosted the Taiwan Computer Security Incident Response Conference (IRCON) since 2015
• International collaborations
– TWCSIRT is an official member of the cyber security organization FIRST
– Connect major organizations, CERTs and CSIRTs, for international cyber defense
– Work with industry on information sharing and technology development
10. Our Security Operation Center
• Operation: 7*24*365
• Scope:
– NARLabs, National Applied Research Laboratories: 8 national research centers
– TWAREN, Taiwan Advanced Research & Education Network: 95 universities
– TANet, Taiwan Academic Network: 4000+ schools
• Three-tier operation
– 1st line: 24 operators
– 2nd line: 10 engineers
– 3rd line: 3 researchers
12. Development of the Next Generation Network
TANet & TWAREN challenges:
• Bandwidth upgrade to 100 Gbps
• New network topology
• Single infrastructure and multi-networking
• Continuous operation
• Limited budget
15. Threat Intelligence Platform
Components shown in the platform diagram: OWL, CDX, MARS, WWW, SP-ISAC, TWCSIRT, Cuckoo Sandbox, Enterprise TIP Dashboard, T.I.P., Search Engines, Vulnerability DB, Malware Threat, Passive DNS, Bad Domain Track System, Other, MongoDB, SQL DB, Files.
16. HoneyMap
• Data source
– Large-scale honeypot / honeynet in TANet and TWAREN
– Uses 6000+ IPv4 addresses
• Findings
– Command & Control (C2) servers
– Malware samples
– Multi-layer malware behaviors
18. Information Sharing and Analysis
Diagram labels: ISPs (C-ISAC, HiNet incidents), Government Service Network (N-ISAC, GSN incidents), Taiwan Academic Network (A-ISAC), TWCSIRT, International.
Sharing intelligence with other partners through Information Sharing and Analysis Centers.
19. Thinking
• How do we address the issue of information sharing?
Data --> Information --> Intelligence
20. The Problem
• Attacks are becoming incredibly sophisticated.
• Knowing what happened is one thing.
• Knowing what to look for, to see if it is happening to you, is key.
• ISACs have had limited success.
• The ISAC model is segmented by vertical (financial, energy, etc.).
• A view across sectors is critical to protecting companies.
• ISACs do not allow for a cloud segment.
21. The Problem
• The ISAC model requires sending sensitive data to a trusted third party.
• The company's identity is known.
• The Snowden incident has made sharing with trusted third parties undesirable.
• The need is clear: a trusted method of sharing is required, in which
– Establishing company identity is quick and simple
– Incident data submission is quick and simple
– Data is analyzed rapidly, including correlation with other reports and open source data
– Alerts are sent in minutes, not days or weeks
– Attacks can be discussed anonymously with others and solutions shared
22. FIRST
• FIRST is the global Forum of Incident Response and Security Teams.
• FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to respond to security incidents more effectively, both reactively and proactively.
• FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.
https://first.org/
23. VirusTotal
• VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google Inc. in September 2012.
• VirusTotal aggregates many antivirus products and online scan engines to check for viruses that the user's own antivirus may have missed, or to verify against false positives.
• File and URL analysis
• Threat and risk
28. DDoS Incident and Action
• Collect NetFlow and learn a baseline
• Distinguish normal from abnormal traffic
• Identify the attack model
• Act in the TMS to remove the DDoS traffic
• Create an incident ticket in the ISAC system
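The five steps above are one pipeline: baseline from flow data, deviation test, attack-model check, mitigation, ticket. The following is an added example of that pipeline, not code from the talk or from NCHC. The flow records are constructed inline (60 quiet minutes to two hosts in the 192.0.2.0/24 documentation range, then a five-minute flood from 500 sources against one of them); a real deployment would read them from a NetFlow collector. The threshold multiplier, the minimum source count and the TMS action label are assumptions for illustration, since the page does not say how the TMS is driven.

```python
"""Baseline-and-deviation DDoS detection over NetFlow-style records.

Added example (not code from the talk or from NCHC). The records are
constructed: 60 quiet minutes of traffic to two hosts, then a five-minute
flood from 500 sources against one of them. Addresses are from the
documentation ranges; thresholds and the TMS action label are assumptions.
"""
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    minute: int   # minute index since the start of the capture window
    src: str
    dst: str
    packets: int


def synth_flows():
    """Constructed sample: baseline traffic for 65 minutes, flood in minutes 60-64."""
    flows = []
    for m in range(65):
        for i in range(20):   # 20 ordinary clients per monitored host
            flows.append(Flow(m, f"10.0.{i}.5", "192.0.2.10", 50 + i % 5))
            flows.append(Flow(m, f"10.0.{i}.9", "192.0.2.20", 40 + i % 3))
    for m in range(60, 65):
        for i in range(500):  # 500 distinct attacking sources, 400 packets each
            src = f"203.0.113.{i}" if i < 256 else f"198.51.100.{i - 256}"
            flows.append(Flow(m, src, "192.0.2.10", 400))
    return flows


def aggregate(flows):
    """Per (destination, minute): packet count and set of distinct sources."""
    pkts = defaultdict(int)
    srcs = defaultdict(set)
    for f in flows:
        pkts[(f.dst, f.minute)] += f.packets
        srcs[(f.dst, f.minute)].add(f.src)
    return pkts, srcs


def learn_baseline(pkts, learn_minutes):
    """Mean and population stddev of packets/minute per destination over the learning window."""
    series = defaultdict(list)
    for (dst, minute), count in pkts.items():
        if minute < learn_minutes:
            series[dst].append(count)
    return {dst: (statistics.mean(v), statistics.pstdev(v))
            for dst, v in series.items() if len(v) >= 2}


def detect(flows, learn_minutes=60, k=5.0, min_sources=100):
    """Flag minutes where a destination exceeds mean + k*stddev AND sees many sources.

    The source-count condition is the attack model: a volumetric flood from many
    addresses, as opposed to one busy but legitimate client.
    """
    pkts, srcs = aggregate(flows)
    baseline = learn_baseline(pkts, learn_minutes)
    alerts = []
    for (dst, minute), count in sorted(pkts.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if minute < learn_minutes or dst not in baseline:
            continue
        mean, sd = baseline[dst]
        threshold = mean + k * max(sd, 1.0)   # floor sd so a flat baseline still has a margin
        if count > threshold and len(srcs[(dst, minute)]) >= min_sources:
            alerts.append({"dst": dst, "minute": minute, "packets_per_minute": count,
                           "threshold": threshold, "sources": len(srcs[(dst, minute)])})
    return alerts


def open_tickets(alerts):
    """Collapse per-minute alerts into one incident per destination for the ISAC ticket."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a["dst"]].append(a)
    tickets = []
    for dst, items in grouped.items():
        tickets.append({
            "target": dst,
            "first_minute": min(i["minute"] for i in items),
            "last_minute": max(i["minute"] for i in items),
            "peak_packets_per_minute": max(i["packets_per_minute"] for i in items),
            "max_sources": max(i["sources"] for i in items),
            # Hypothetical action label; the real TMS call depends on the vendor
            "action": f"TMS: divert and scrub traffic to {dst}",
        })
    return tickets


if __name__ == "__main__":
    for t in open_tickets(detect(synth_flows())):
        print(t)
```

The second host keeps a flat rate through the flood and produces no alert, which is the false-positive case a per-destination baseline is meant to avoid; a global threshold would not have that property.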
31. Example: Mirai
• Mirai (Japanese: 未来, lit. 'future') is malware that turns networked devices running Linux into remotely controlled "bots" that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers.
• Mirai was used, alongside BASHLITE, in the DDoS attack on 20 September 2016 on the Krebs on Security site, which reached 620 Gbit/s. Ars Technica also reported a 1 Tbit/s attack on French web host OVH. On 21 October 2016 multiple major DDoS attacks on the DNS services of DNS service provider Dyn occurred using Mirai malware installed on a large number of IoT devices, resulting in the inaccessibility of several high-profile websites such as GitHub, Twitter, Reddit, Netflix, Airbnb and many others. The attribution of the Dyn attack to the Mirai botnet was originally reported by Level 3 Communications.
source: Wikipedia
32. Mirai Infections
• Average volume: 100,000 - 200,000 IPv4 addresses per day
• Update frequency: daily, generated at 12:00 UTC for the previous day
• Provided as a gzip-encoded text file in CSV format
#  Field Name  Data Type     Description
1  ip          IPv4 address  Botnet IP
2  time        datetime      Time when the data feed was generated
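A consumer of the feed described above needs to decompress it, parse the two fields defensively, and reduce 100,000+ daily rows to the ones inside its own address space. The following is an added example of that, not code from the talk or from the feed's provider. The feed bytes are constructed in memory; the presence of a header line and `#` comments, the timestamp format, and the monitored prefixes (documentation ranges, not TANet's real address space) are assumptions.

```python
"""Parse a gzip-encoded CSV botnet feed (fields: ip, time) and match it against our prefixes.

Added example, not code from the talk or the feed's provider. The feed bytes
are constructed in memory. Assumptions: an 'ip,time' header line, optional
'#' comment lines, timestamps as 'YYYY-MM-DD HH:MM:SS' (or with a 'T'), and
placeholder monitored prefixes from the documentation ranges.
"""
import csv
import gzip
import io
import ipaddress
from datetime import datetime

# Placeholder prefixes standing in for the networks an academic SOC would monitor.
MONITORED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/24")]

TIME_FORMATS = ("%Y-%m-%d %H:%M:%S", "%Y-%m-%dT%H:%M:%S")


def build_sample_feed():
    """Constructed feed: two in-scope hits (one duplicated), one out of scope, one bad row."""
    rows = [
        "# generated 2019-03-02 12:00:00 UTC for the previous day",
        "ip,time",
        "192.0.2.34,2019-03-02 12:00:00",
        "203.0.113.7,2019-03-02 12:00:00",
        "198.51.100.9,2019-03-02 12:00:00",
        "not-an-ip,2019-03-02 12:00:00",
        "192.0.2.34,2019-03-02 12:00:00",
    ]
    return gzip.compress(("\n".join(rows) + "\n").encode("utf-8"))


def parse_time(text):
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            pass
    raise ValueError(f"unrecognised timestamp: {text!r}")


def parse_feed(blob):
    """Return (records, rejected_count); records are (IPv4Address, datetime) tuples."""
    text = gzip.decompress(blob).decode("utf-8", errors="replace")
    records, rejected = [], 0
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#") or row[0].strip().lower() == "ip":
            continue
        try:
            ip = ipaddress.ip_address(row[0].strip())
            generated = parse_time(row[1].strip())
        except (ValueError, IndexError):
            rejected += 1          # one malformed line must not abort the whole feed
            continue
        if ip.version != 4:        # the feed is documented as IPv4 only
            rejected += 1
            continue
        records.append((ip, generated))
    return records, rejected


def in_scope(records, networks=MONITORED):
    """Map each infected address inside our prefixes to its prefix (deduplicated)."""
    hits = {}
    for ip, generated in records:
        for net in networks:
            if ip in net:
                hits.setdefault(str(ip), {"network": str(net), "feed_time": generated})
                break
    return hits


if __name__ == "__main__":
    recs, bad = parse_feed(build_sample_feed())
    print(f"{len(recs)} records, {bad} rejected")
    for ip, info in in_scope(recs).items():
        print(ip, "->", info["network"])
```

Because the `time` field is the feed generation time rather than a per-host sighting, the output keeps it as `feed_time`; a sighting timestamp would have to come from your own flow or honeypot data.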
35. Malware Knowledge Base in Taiwan
Malware Knowledge Base, hosted by the National Center for High-performance Computing, is a malware analysis platform that observes and records the system behaviors of analysis objects in a controlled environment using various dynamic analysis tools. The mission of Malware Knowledge Base is to strengthen malware research and promote security innovation in both academia and industry.
By providing malware-related resources, Malware Knowledge Base contributes to security research and helps make the Internet a safer place.
36. Malware Knowledge Base
• Builds behavior analyses of network threats and malware
• The only malware behavior database in Taiwan
– 20+ million malware samples collected
– Provides malware samples, analysis reports, and search functions
• Honeypot (entrapment) platform to detect attacks
– 6,000+ honeypot systems
– Collects about 65 GB/day of data
• Around-the-clock cyber security defense
– 7*24*365 security operation center (SOC)
– Average 15,000 security issues per month
– Operates active and passive detection systems
– Self-developed information feedback mechanism to enhance cyber security defense
https://owl.nchc.org.tw
40. Cyber Defense eXercise
• Training
- Cloud-based training and challenge platform for cyber security
- Start and set up a training course environment in 90 seconds
- On-demand choice of templates for learning
- 150+ vulnerable virtual machines
- Easy design and deployment
- Full-time service for online learning
• Challenge
- CTF and King of the Hill
- Cross multi-domain environment setup
- Red team testing
- Blue team defense
- Internet of Things
- Cyber-physical systems for industrial IoT
44. InfoSec Education Program
• Working with academic institutes, regional network centers and universities to provide opportunities for students to learn information security skills and get involved with security projects.
Program elements shown in the figure: InfoSec Education, Internship Program, Hands-on Proposal, Security Courses.
46. Training Course - Vulnerability Scan
• Step 1: Open the Tools VM and the Target VM
• Step 2: Log in to the Tools VM to learn OpenVAS
• Step 3: Wait for the scan result
• Step 4: Read the report and take action on the risks found
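Step 4 is where a trainee has to turn a scan report into decisions. The following is an added example of that triage, not code from the talk or from the CDX platform. The XML is a constructed, cut-down sample that mirrors the element names a GVM/OpenVAS report uses for one result (`name`, `host`, `port`, `nvt` with an `oid` attribute, `threat`, `severity`); the NVT OIDs and findings are placeholders, not real NVTs, and the severity bands and action strings are illustrative choices, not anything the page prescribes.

```python
"""Triage a GVM/OpenVAS XML report: rank findings by severity and propose actions.

Added example, not code from the talk or from the CDX platform. The XML
below is a constructed sample that mirrors the element names a GVM report
uses for a result; the OIDs and findings are placeholders, not real NVTs.
Severity bands follow the CVSS v3 ranges; the action strings are illustrative.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_REPORT = """<report>
  <results>
    <result id="r1">
      <name>Outdated SSH service (constructed)</name>
      <host>192.0.2.10</host><port>22/tcp</port>
      <nvt oid="placeholder-nvt-1"><name>Outdated SSH service (constructed)</name></nvt>
      <threat>High</threat><severity>7.5</severity>
    </result>
    <result id="r2">
      <name>Weak TLS configuration (constructed)</name>
      <host>192.0.2.10</host><port>443/tcp</port>
      <nvt oid="placeholder-nvt-2"><name>Weak TLS configuration (constructed)</name></nvt>
      <threat>Medium</threat><severity>5.3</severity>
    </result>
    <result id="r3">
      <name>Default credentials on web console (constructed)</name>
      <host>192.0.2.11</host><port>8080/tcp</port>
      <nvt oid="placeholder-nvt-3"><name>Default credentials on web console (constructed)</name></nvt>
      <threat>High</threat><severity>9.8</severity>
    </result>
    <result id="r4">
      <name>Banner disclosure (constructed)</name>
      <host>192.0.2.11</host><port>80/tcp</port>
      <nvt oid="placeholder-nvt-4"><name>Banner disclosure (constructed)</name></nvt>
      <threat>Log</threat><severity>0.0</severity>
    </result>
  </results>
</report>"""

# (lower bound, band, proposed action); bands follow CVSS v3, actions are illustrative
SEVERITY_BANDS = (
    (9.0, "critical", "isolate or patch now and notify the owner"),
    (7.0, "high", "open a ticket to the owner; fix within SLA"),
    (4.0, "medium", "schedule remediation"),
    (0.1, "low", "track"),
    (0.0, "log", "informational only"),
)


def parse_results(xml_text):
    """Flatten every <result> into a dict; a missing or non-numeric severity counts as 0.0."""
    root = ET.fromstring(xml_text)
    findings = []
    for r in root.iter("result"):
        try:
            severity = float(r.findtext("severity", "0"))
        except ValueError:
            severity = 0.0
        nvt = r.find("nvt")
        findings.append({
            "id": r.get("id"),
            "name": (r.findtext("name") or "").strip(),   # direct child, not the nested nvt/name
            "host": (r.findtext("host") or "").strip(),
            "port": (r.findtext("port") or "").strip(),
            "nvt": nvt.get("oid") if nvt is not None else None,
            "severity": severity,
        })
    return findings


def band(severity):
    """Return (band label, proposed action) for a numeric severity."""
    for lower, label, action in SEVERITY_BANDS:
        if severity >= lower:
            return label, action
    return "log", "informational only"


def triage(findings):
    """Return (ordered action plan, per-host summary) for the ticket."""
    plan = []
    for f in sorted(findings, key=lambda f: (-f["severity"], f["host"], f["port"])):
        label, action = band(f["severity"])
        plan.append({**f, "band": label, "action": action})
    per_host = defaultdict(lambda: {"findings": 0, "max_severity": 0.0})
    for f in findings:
        summary = per_host[f["host"]]
        summary["findings"] += 1
        summary["max_severity"] = max(summary["max_severity"], f["severity"])
    return plan, dict(per_host)


if __name__ == "__main__":
    plan, hosts = triage(parse_results(SAMPLE_REPORT))
    for item in plan:
        print(f'{item["band"]:8} {item["severity"]:4} {item["host"]:12} {item["port"]:9} {item["action"]}')
    print(hosts)
```

Ordering by numeric severity rather than by the scanner's `threat` label keeps a 9.8 and a 7.5 apart even though GVM labels both "High"; the per-host summary is what goes on the ticket to the system owner.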
48. Conclusions
• Next-generation applications rely on more and more network bandwidth
• How to remove DDoS attacks from network operations is the key issue for the future
• Cybersecurity intelligence sharing and exchange
• Co-work with other operation centers to exchange and share information
• Analyze and handle malware behavior
• Collect and analyze CDX training and challenge data
• Use AI computing power for cyber security intelligence analysis