Dominique Karg - Advanced Attack Detection using OpenSource tools
Security B-Sides
1.
Advanced Attack Detection: The Open Source Way
:-) Dominique Karg, AlienVault / OSSIM, BSidesSF 2010
2.
What this talk is not about
3.
The Play (AAA)
Self reminder: don't forget telling what this is all going to be about.
4.
Actors (Presenting the players)
5.
ZEUS. Ask your local malware provider.
6.
Trojan Emulation/Analysis: AlienVRT, jaime.blasco@alienvault.com
7.
NIDS: http://www.snort.org
8.
Host behavior/Anomalies: Spade/Spada
AlienVRT, jaime.blasco@alienvault.com
9.
HIDS: Trend... http://www.ossec.net
10.
Windows Policies: Snare
http://www.intersectalliance.org
11.
Flows: ... NFDump/NFSen
Heavily modified for OSSIM
12.
Traffic Behavior: NTop http://www.ntop.org
13.
Correlation: OSSIM http://www.alienvault.com
14.
Attack (What the user does *not* see)
15.
Installation
Description details based on: http://www.noryak.net/papers/zeus.pdf
16.
System information gathering
Description details based on: http://www.noryak.net/papers/zeus.pdf
17.
Credential stealing
Description details based on: http://www.noryak.net/papers/zeus.pdf
18.
Environment discovery
Description details based on: http://www.noryak.net/papers/zeus.pdf
19.
Calling home
Description details based on: http://www.noryak.net/papers/zeus.pdf
20.
Web page injection
Description details based on: http://www.noryak.net/papers/zeus.pdf
21.
Analysis (What happens behind the scenes)
22.
NIDS Events (Unreliable, signature based, false positives)
23.
Host Behavior/Anomalies (Misconfigured services cause those)
24.
HIDS Events (False positives, less dangerous stuff, signature based)
25.
Windows Policies
592 – Process creation
593 – Process destruction
577 – Priv system calls (Noisy to filter out)
26.
Flows (Malware might contact non-RBN hosts)
27.
Traffic behavior (Hard to tune, tons of false positives)
28.
Correlation (The Key to success)
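Slides 22 through 28 make one argument: every sensor in the deck is unreliable on its own (signature false positives, misconfigured services, noisy Windows audit events, flows to hosts nobody has blacklisted yet), and correlation across them is what turns the noise into a reliable alert. The block below is an added example of that idea, serving both slide 25 (drop the noisy 577 events before correlation, keep 592/593) and slide 28; it is not code from the talk or from OSSIM. The sensor labels, field names, the two-minute window, the three-source threshold and every sample event are constructed for this example. The Windows event IDs are the pre-Vista Security log IDs the slide lists (592 process created, 593 process exited, 577 privileged service called).

```python
"""Multi-source correlation in the spirit of slides 25 and 28.

Added example, not code from the talk or from OSSIM. Field names, sensor
labels, thresholds and every sample event are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Slide 25: keep process creation/destruction, drop the noisy 577s up front.
WINDOWS_KEEP_IDS = {592, 593}

# Constructed sample feed: one infected-looking host (10.0.0.23) where four
# independent sensors fire within seconds, and a clean host (10.0.0.44)
# that only trips a NIDS signature half an hour after a harmless process start.
EVENTS = [
    {"src": "win", "ts": "2010-03-01T10:00:01", "host": "10.0.0.23",
     "event_id": 592, "detail": "C:\\WINDOWS\\system32\\sdra64.exe"},
    {"src": "win", "ts": "2010-03-01T10:00:02", "host": "10.0.0.23",
     "event_id": 577, "detail": "SeTcbPrivilege"},
    {"src": "hids", "ts": "2010-03-01T10:00:03", "host": "10.0.0.23",
     "detail": "Registry Run key modified"},
    {"src": "nids", "ts": "2010-03-01T10:00:05", "host": "10.0.0.23",
     "detail": "Trojan CnC check-in signature"},
    {"src": "flow", "ts": "2010-03-01T10:00:09", "host": "10.0.0.23",
     "detail": "203.0.113.7:80 out, 1450 bytes"},
    {"src": "win", "ts": "2010-03-01T09:30:00", "host": "10.0.0.44",
     "event_id": 592, "detail": "C:\\Program Files\\Firefox\\firefox.exe"},
    {"src": "nids", "ts": "2010-03-01T10:05:00", "host": "10.0.0.44",
     "detail": "Trojan CnC check-in signature"},
]


def keep_event(ev):
    """Pre-filter: only Windows 592/593 survive; every other source passes."""
    return ev["src"] != "win" or ev["event_id"] in WINDOWS_KEEP_IDS


def correlate(events, window=timedelta(minutes=2), min_sources=3):
    """Per host, slide a time window over its events and alert when at least
    min_sources *distinct* sensor classes fire inside it. One alert per host;
    the window with the most distinct sources wins."""
    by_host = defaultdict(list)
    for ev in filter(keep_event, events):
        by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), ev))

    alerts = {}
    for host, timeline in by_host.items():
        timeline.sort(key=lambda item: item[0])
        best = None
        for i, (start, _) in enumerate(timeline):
            in_window = [e for t, e in timeline[i:] if t - start <= window]
            sources = {e["src"] for e in in_window}
            if len(sources) < min_sources:
                continue
            if best is None or len(sources) > len(best["sources"]):
                best = {"host": host, "sources": sorted(sources),
                        "first_seen": start.isoformat(),
                        "events": len(in_window)}
        if best:
            alerts[host] = best
    return alerts


if __name__ == "__main__":
    for host, alert in correlate(EVENTS).items():
        print(host, alert["sources"], alert["events"], "events from", alert["first_seen"])
```

The count that matters is distinct sources, not raw alert volume: a host that produces fifty Snort hits from one bad signature is still a single unreliable witness, whereas a process start, a registry change, a signature hit and an outbound flow on the same host within seconds are four independent ones. The window length and the threshold are knobs to tune per environment; lowering the threshold to one source reproduces exactly the false positive the slides warn about.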
29.
Conclusion (Obtaining reliable security through brute force)
30.
No single Point of Failure
31.
Easily add new components
32.
Free! Cheap!
33.
34.
Try this out
35.
Improve it
36.
Share it
37.