Echidna Framework
NSM/IR Open Source System
whoami

Eduardo Urias (larsx2)
OSCP, OSWP, Security+
Software Engineer at: [company logo]
Security Consultant at: [company logo]
So, what is NSM?

Network Security Monitoring

"It's the collection, analysis and escalation of indications and warnings to respond to intrusions"
Let me repeat that

Collection
  This is where you do data acquisition

Analysis
  This requires correlation and human analysis

Escalation
  An authority decides how to proceed

= This shit is a methodology, NOT a product

IDS != NSM != SIEM != Log Management
NSM Process

•  Products perform collection
   –  A piece of software or appliance whose purpose is to analyze packets on the network.

•  People perform analysis
   –  While products can draw conclusions from what they see, only people can provide context.

•  Processes guide escalation
   –  Escalation is the act of bringing information to the attention of decision makers.
NSM Principles

•  Some intruders are smarter than you
•  Many intruders are unpredictable
•  Prevention eventually fails
•  Intruders who can communicate with victims can be detected
•  Detection through sampling is better than no detection
•  Detection through traffic analysis is better than no detection at all
(SIEM) Alert-centric solutions rely on..

•  Attacks can be understood prior to execution
•  Methods to detect or prevent attacks can be encapsulated in programming logic
•  Customers will purchase, properly configure, and effectively deploy products offering sufficient defensive logic
•  The customer's environment will behave as anticipated by the developers and vendors
(NSM) Traffic-centric approach

•  NSM analysts treat ALL data as indicators, not "false positives" or "false negatives"
•  Relies on at least 4 types of data:
   ✓ Statistical
   ✓ Session
   ✓ Full Content
   ✓ Alert
•  NSM uses a "dumb is better" approach, relying on traffic to verify the context of indications and warnings as part of an investigation.
NSM Model

Alert
  –  "Snort fires an alert related to an FTP bounce attack"

Session
  –  "We request the session/netflow activity in the past 4 hours of src/dst ip"

Full Content
  –  "We request the full packet capture of one of the sessions to see the FTP commands sent in the control channel"

[Diagram: Statistical Data – Alert – Session – Full Packet Capture]

In other words….

Just kidding….

SIEMs are part of the tools used in the process, just not the end.
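The alert → session → full-content pivot on the NSM Model slides, as an added example that is not part of the deck or of Echidna's code. It parses one constructed Snort fast-format alert line (the SID 1000001 and its message are made up; SIDs above 1,000,000 are the local-rule range), pulls the constructed cxtracker-style session records around the alert, then reads the constructed FTP control-channel payload of the matching session for PORT commands aimed at a third party, which is what an FTP bounce looks like on the wire and what the alert alone cannot tell you. All addresses are from documentation/private ranges.

```python
"""Alert -> session -> full content: the NSM pivot from the deck, over constructed data.

Added example, not Echidna code. The alert line, session records and FTP payload
below are all constructed for the illustration.
"""
import re
from datetime import datetime, timedelta

# Snort "fast" alert format. The line carries no year, so the caller supplies one.
FAST_RE = re.compile(
    r"^(?P<mm>\d\d)/(?P<dd>\d\d)-(?P<hms>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)
# FTP active-mode PORT command: h1,h2,h3,h4,p1,p2 -> h1.h2.h3.h4 port p1*256+p2
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.M)

# --- constructed sample data (assumed formats; SID 1000001 is a local-rule number) ---
ALERT_LINE = (
    "07/09-10:21:27.000000  [**] [1:1000001:1] LOCAL FTP PORT bounce attempt [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 10.0.0.5:51234 -> 192.168.1.20:21"
)

def _t(h, m, s, day=9):
    return datetime(2012, 7, day, h, m, s)

# cxtracker-like session records (subset of fields, constructed)
SESSIONS = [
    {"cxid": 1, "start": _t(7, 5, 0), "proto": "TCP",
     "src_ip": "10.0.0.5", "src_port": 50990, "dst_ip": "192.168.1.20", "dst_port": 21},
    {"cxid": 2, "start": _t(10, 21, 26), "proto": "TCP",
     "src_ip": "10.0.0.5", "src_port": 51234, "dst_ip": "192.168.1.20", "dst_port": 21},
    # the FTP server opening a data connection to a third party: the bounce itself
    {"cxid": 3, "start": _t(10, 22, 0), "proto": "TCP",
     "src_ip": "192.168.1.20", "src_port": 20, "dst_ip": "203.0.113.9", "dst_port": 80},
    # same hosts, but the day before: outside the 4-hour window
    {"cxid": 4, "start": _t(9, 0, 0, day=8), "proto": "TCP",
     "src_ip": "10.0.0.5", "src_port": 40001, "dst_ip": "192.168.1.20", "dst_port": 21},
    # unrelated hosts
    {"cxid": 5, "start": _t(10, 0, 0), "proto": "TCP",
     "src_ip": "10.0.0.77", "src_port": 40002, "dst_ip": "192.168.1.30", "dst_port": 443},
]
# full content of the control channel, keyed by cxid (constructed)
PAYLOADS = {2: "USER anonymous\r\nPASS guest@\r\nPORT 203,0,113,9,0,80\r\nLIST\r\nQUIT\r\n"}

def parse_fast_alert(line, year=2012):
    """Alert data: one Snort fast-format line -> dict with a real timestamp and 5-tuple."""
    m = FAST_RE.match(line)
    if not m:
        raise ValueError("not a Snort fast-format alert: %r" % line)
    ts = datetime.strptime("%d %s/%s %s" % (year, m["mm"], m["dd"], m["hms"]), "%Y %m/%d %H:%M:%S")
    return {"ts": ts, "sid": m["sid"], "msg": m["msg"], "proto": m["proto"],
            "src": m["src"], "sport": int(m["sport"]), "dst": m["dst"], "dport": int(m["dport"])}

def sessions_for(alert, sessions, before=timedelta(hours=4), after=timedelta(minutes=5)):
    """Session data: every record touching either alert endpoint, from `before` ahead of
    the alert to `after` past it, oldest first."""
    hosts = {alert["src"], alert["dst"]}
    lo, hi = alert["ts"] - before, alert["ts"] + after
    return sorted((s for s in sessions
                   if lo <= s["start"] <= hi and hosts & {s["src_ip"], s["dst_ip"]}),
                  key=lambda s: s["start"])

def ftp_bounce_targets(client_ip, control_payload):
    """Full content: PORT commands whose data address is not the client itself."""
    hits = []
    for m in PORT_RE.finditer(control_payload):
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        ip, port = "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2
        if ip != client_ip:
            hits.append((ip, port))
    return hits

def pivot(alert_line, sessions, payloads, year=2012):
    """Run the three steps of the deck's model and return what each one produced."""
    alert = parse_fast_alert(alert_line, year)
    related = sessions_for(alert, sessions)
    bounce = {}
    for s in related:
        # only the control channel (server port 21) carries PORT commands
        if s["dst_port"] == 21 and s["cxid"] in payloads:
            targets = ftp_bounce_targets(s["src_ip"], payloads[s["cxid"]])
            if targets:
                bounce[s["cxid"]] = targets
    return {"alert": alert, "sessions": [s["cxid"] for s in related], "bounce_targets": bounce}

if __name__ == "__main__":
    print(pivot(ALERT_LINE, SESSIONS, PAYLOADS))
```

The window deliberately extends a few minutes past the alert, not only four hours before it: the data connection the bounce creates (session 3, server port 20 to 203.0.113.9) starts after the PORT command fires the alert, and that follow-on session is the confirming evidence. Only the classic PORT form is parsed; EPRT (RFC 2428) would need a second pattern.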
  
Sguil by Bamm Visscher

Snorby by Dustin Webber

Snorby Cloud (now Threat Stack)

Squert by Paul Halliday
Cool Bro.

Why don't we use one of those fancy tools as well and forget about this talk.

Why do we subscribe to this?

Because…..

We want to offer something cool too

✓ Open Source Software
✓ Easy to maintain
✓ That can be extended using other awesome OSS tools
✓ Scalable and easy to integrate
✓ Nice API please?

Enter Echidna
Echidna Architecture

Echidna Server:

✓ Perl-based
✓ Server/Node CnC communication is done through WebSockets (near-realtime).
✓ Retrieval and submission of data is done through a REST interface
✓ Modular architecture (use what you need)
✓ It can be used with relational DBs and NoSQL
Server: Fetch some records

URI:        http://inspectlabs.com:6970
Controller: /api/pdns
Parameters:
  ? fields     = client,server,answer
  & query_type = A
  & query      = nsm.metaflows.com.
  & from       = 2012-07-09 10:21:27
  & to         = 2012-07-09 10:21:27

Which means:

  Give me the client ip, server ip and query answer of all DNS requests that returned an address record at 10:21:27AM of 2012-07-09

Server REST API Response (screenshot)
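The request on the slide, built on the client side and then validated and served on the server side, as an added example that is not Echidna's Perl code. Only the base URI, the controller path and the parameter names come from the slide; the record layout, the field whitelist `PDNS_FIELDS` and the passive-DNS rows in `RECORDS` are assumptions made for this illustration. The point a practitioner would check first is the `fields` parameter: a caller-chosen column list is exactly the value that ends up in a SELECT clause, so the handler matches it against a whitelist instead of passing it through.

```python
"""The /api/pdns request from the slide: client-side URL construction and a
server-side handler that validates it and runs it over constructed passive-DNS rows.

Added example, not Echidna's server. Record layout, whitelist and rows are assumed.
"""
from datetime import datetime
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "http://inspectlabs.com:6970"          # URI from the slide
CONTROLLER = "/api/pdns"                      # controller from the slide
TIME_FMT = "%Y-%m-%d %H:%M:%S"                # from/to format used on the slide

# Whitelist of selectable columns (assumed). Anything not in here is rejected
# before it can reach a query builder.
PDNS_FIELDS = ("timestamp", "client", "server", "query", "query_type", "answer", "ttl")

# Constructed passive-DNS rows (resolver and answers use documentation address space)
RECORDS = [
    {"timestamp": datetime(2012, 7, 9, 10, 21, 27), "client": "10.0.0.5", "server": "192.0.2.53",
     "query": "nsm.metaflows.com.", "query_type": "A", "answer": "198.51.100.10", "ttl": 300},
    {"timestamp": datetime(2012, 7, 9, 10, 21, 27), "client": "10.0.0.5", "server": "192.0.2.53",
     "query": "nsm.metaflows.com.", "query_type": "AAAA", "answer": "2001:db8::10", "ttl": 300},
    {"timestamp": datetime(2012, 7, 9, 10, 30, 0), "client": "10.0.0.6", "server": "192.0.2.53",
     "query": "nsm.metaflows.com.", "query_type": "A", "answer": "198.51.100.10", "ttl": 300},
    {"timestamp": datetime(2012, 7, 9, 10, 21, 27), "client": "10.0.0.5", "server": "192.0.2.53",
     "query": "example.com.", "query_type": "A", "answer": "192.0.2.1", "ttl": 60},
]

def build_pdns_url(fields, query, query_type="A", start=None, end=None, base=BASE):
    """Client side: the query string for the slide's request."""
    params = {"fields": ",".join(fields), "query_type": query_type, "query": query}
    if start is not None:
        params["from"] = start.strftime(TIME_FMT)
    if end is not None:
        params["to"] = end.strftime(TIME_FMT)
    return base + CONTROLLER + "?" + urlencode(params)

def parse_pdns_request(url):
    """Server side: decode and validate every parameter before touching any data store."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def one(key):
        return qs.get(key, [""])[0]

    fields = [f.strip() for f in one("fields").split(",") if f.strip()] or list(PDNS_FIELDS)
    unknown = [f for f in fields if f not in PDNS_FIELDS]
    if unknown:
        raise ValueError("unknown field(s): %s" % ", ".join(unknown))

    def when(key):
        # strptime raises ValueError on anything that is not the documented format
        return datetime.strptime(one(key), TIME_FMT) if one(key) else None

    return {"fields": fields, "query": one("query") or None,
            "query_type": one("query_type").upper() or None,
            "from": when("from"), "to": when("to")}

def query_pdns(records, req):
    """Apply the validated filters; from == to selects that single second, as on the slide."""
    rows = []
    for r in records:
        if req["query"] and r["query"] != req["query"]:
            continue
        if req["query_type"] and r["query_type"] != req["query_type"]:
            continue
        if req["from"] and r["timestamp"] < req["from"]:
            continue
        if req["to"] and r["timestamp"] > req["to"]:
            continue
        rows.append({f: r[f] for f in req["fields"]})   # project to the requested columns
    return rows

def slide_query(records=RECORDS):
    """The exact request on the slide, built and then served."""
    at = datetime(2012, 7, 9, 10, 21, 27)
    url = build_pdns_url(["client", "server", "answer"], "nsm.metaflows.com.", "A", start=at, end=at)
    return url, query_pdns(records, parse_pdns_request(url))

if __name__ == "__main__":
    url, rows = slide_query()
    print(url)
    for row in rows:
        print(row)
```

With both `from` and `to` set to the same second the handler returns the single A record for the slide's query; the AAAA answer at the same instant and the later A lookup from another client are filtered out. A request such as `fields=client,(select 1)` is refused with `ValueError` at parse time, which is the behaviour to keep whatever storage backend sits behind the REST layer.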
  
Echidna Architecture

Echidna UI:

✓ 100% JavaScript
✓ Client-side MVC using Google's AngularJS
✓ HTML5 stuff
✓ Focus on usability without compromising aesthetics

Login (screenshot)

PassiveDNS View (screenshot)

Session (cxtracker) View (screenshot)

Event (alert) View (screenshot)
Echidna as an API

Open Source GPLv2

Turns out, this is Alpha stage

•  Not feature complete
•  Not production ready
•  Frequent updates
•  Features are being added
•  Focused on NSM for analysts

We expect an evolution to Beta in about 2 weeks
Development

Server/Agents
  –  Perl / Mojolicious
Low Level Components
  –  C/C++
User Interface
  –  JavaScript / AngularJS
Protocol
  –  REST / WebSockets
Team

Edward Fjellskal (ebf0) – Analyst
Ian Firns (firnsy) – Coder
Eduardo Urias (larsx2) – Coder
Future (not too far away)

✓ OISF - Open Information Security Foundation
    Suricata's next big friend!
✓ Bro IDS Engine Integration
    Cool tools should hang together!
✓ Cassandra/Hadoop Support
    Sometimes things get out of control.
✓ Full Text Search Support
    I am looking at you ElasticSearch ಠ_ಠ!
Wanted!

JavaScript Hackers!
  –  Jump in for the development of a fully featured client side UI for security analysis

Perl/Python Hackers!
  –  Help us create components/plugins for our framework to support more services!

C/C++ Hackers!
  –  Want to build new specialized components for network analysis on extremely fast networks?
Props to:

✓ Richard Bejtlich
✓ Bamm Visscher
✓ Matt Jonkman
✓ David McNelis
✓ Ian Firns
✓ Edward Bjarte
✓ Dustin Webber

Because in some way or another they all helped so that I could do this talk
Contact Me

✓ @larsx2
✓ edw.urias [at] gmail.com
✓ IRC -> #snort-gui and #nsmframework
✓ Cel. +521 6621 <deadbeef>
✓ github.com/firnsy/echidna-refresh

Talk: Echidna, an open source incident response system [GuadalajaraCON 2013]

Old fox new tricks malicious macros are back
 
Explotación de vulnerabilidades recientes de Windows - Agosto 2017
Explotación de vulnerabilidades recientes de Windows - Agosto 2017Explotación de vulnerabilidades recientes de Windows - Agosto 2017
Explotación de vulnerabilidades recientes de Windows - Agosto 2017
 
Mi experiencia en el programa Google Summer of Code
Mi experiencia en el programa Google Summer of CodeMi experiencia en el programa Google Summer of Code
Mi experiencia en el programa Google Summer of Code
 
Escribiendo firmas para el sistema de detección de versiones de Nmap
Escribiendo firmas para el sistema de detección de versiones de NmapEscribiendo firmas para el sistema de detección de versiones de Nmap
Escribiendo firmas para el sistema de detección de versiones de Nmap
 
El porqué está fallando tu programa de seguridad informática por Paulino Cald...
El porqué está fallando tu programa de seguridad informática por Paulino Cald...El porqué está fallando tu programa de seguridad informática por Paulino Cald...
El porqué está fallando tu programa de seguridad informática por Paulino Cald...
 
Pwning corporate networks in a single day by Paulino Calderon Pale
Pwning corporate networks in a single day by Paulino Calderon PalePwning corporate networks in a single day by Paulino Calderon Pale
Pwning corporate networks in a single day by Paulino Calderon Pale
 
CPMX7 Pwneando redes informáticas por Paulino Calderon
CPMX7 Pwneando redes informáticas por Paulino CalderonCPMX7 Pwneando redes informáticas por Paulino Calderon
CPMX7 Pwneando redes informáticas por Paulino Calderon
 
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
 
Explotación práctica de señales de radio por Luis Colunga
Explotación práctica de señales de radio por Luis ColungaExplotación práctica de señales de radio por Luis Colunga
Explotación práctica de señales de radio por Luis Colunga
 
Pentesting 101 por Paulino Calderon
Pentesting 101 por Paulino CalderonPentesting 101 por Paulino Calderon
Pentesting 101 por Paulino Calderon
 
Obtener contraseñas del directorio activo por hkm
Obtener contraseñas del directorio activo por hkmObtener contraseñas del directorio activo por hkm
Obtener contraseñas del directorio activo por hkm
 
OSINT vs CIBERCRIMEN por nickops
OSINT vs CIBERCRIMEN por nickopsOSINT vs CIBERCRIMEN por nickops
OSINT vs CIBERCRIMEN por nickops
 
Recuperacion de defaces con versionador Git por Alevsk
Recuperacion de defaces con versionador Git por Alevsk Recuperacion de defaces con versionador Git por Alevsk
Recuperacion de defaces con versionador Git por Alevsk
 
Seguridad en Bitcoin por Luis Daniel Beltran
Seguridad en Bitcoin por Luis Daniel BeltranSeguridad en Bitcoin por Luis Daniel Beltran
Seguridad en Bitcoin por Luis Daniel Beltran
 
CPMX5 - Hacking like a boss por Roberto Salgado
CPMX5 - Hacking like a boss por Roberto SalgadoCPMX5 - Hacking like a boss por Roberto Salgado
CPMX5 - Hacking like a boss por Roberto Salgado
 
CPMX5 - Las nuevas generaciones de redes por Luis Colunga
CPMX5 - Las nuevas generaciones de redes por Luis ColungaCPMX5 - Las nuevas generaciones de redes por Luis Colunga
CPMX5 - Las nuevas generaciones de redes por Luis Colunga
 

Último

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Último (20)

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Echidna, open source incident response system [GuadalajaraCON 2013]

  • 1. Echidna Framework
    NSM/IR Open Source System
  • 2. whoami
    Eduardo Urias (larsx2)
    OSCP, OSWP, Security+
    Software Engineer at:
    Security Consultant at:
  • 3. So, What is NSM?
  • 4. Network Security Monitoring
    “It’s the collection, analysis and escalation of indications and warnings to respond to intrusions”
  • 5. Let me repeat that
    Collection
      This is where you do data acquisition
    Analysis
      This requires correlation and human analysis
    Escalation
      An authority decides how to proceed
    = This shit is a methodology, NOT a product
      IDS != NSM != SIEM != Log Management
  • 6. NSM Process
    • Products perform collection
      – A piece of software or appliance whose purpose is to analyze packets on the network.
    • People perform analysis
      – While products can draw conclusions from what they see, only people can provide context.
    • Processes guide escalation
      – Escalation is the act of bringing information to the attention of decision makers.
  • 7. NSM Principles
    • Some intruders are smarter than you
    • Many intruders are unpredictable
    • Prevention eventually fails
    • Intruders who can communicate with victims can be detected
    • Detection through sampling is better than no detection
    • Detection through traffic analysis is better than no detection at all
  • 8. (SIEM) Alert-centric solutions rely on..
    • Attacks can be understood prior to execution
    • Methods to detect or prevent attacks can be encapsulated in programming logic
    • Customers will purchase, properly configure, and effectively deploy products offering sufficient defensive logic
    • The customer’s environment will behave as anticipated by the developers and vendors
  • 9. (NSM) Traffic-centric approach
    • NSM analysts treat ALL data as indicators, not “false positives” or “false negatives”
    • Relies on at least 4 types of data:
      ✓ Statistical
      ✓ Session
      ✓ Full Content
      ✓ Alert
    • NSM uses a “dumb is better” approach, relying on traffic to verify the context of indications and warnings as part of an investigation.
  • 10. NSM Model
    Alert
      – “Snort fires an alert related to an FTP bounce attack”
    Session
      – “We request the session/netflow activity in the past 4 hours of src/dst ip”
    Full Content
      – “We request the full packet capture of one of the sessions to see the FTP commands sent in the control channel”
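The three-step pivot on slide 10 (alert, then session, then full content) as a small worked example. This is added illustration, not Echidna's code: the record layouts, the `investigate` helper and the alert, flow and capture records are all constructed here to show how the four NSM data types chain together during an investigation.

```python
"""Added example: the alert -> session -> full-content pivot from the NSM model.
Not Echidna's code; every record below is constructed to illustrate the workflow."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:            # alert data: an IDS signature hit
    ts: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    msg: str


@dataclass(frozen=True)
class Session:          # session/netflow data: one flow summary
    sid: int
    start: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    bytes_out: int


@dataclass(frozen=True)
class Capture:          # full-content data: where the pcap for a session lives
    sid: int
    pcap_path: str


def sessions_for_alert(alert, sessions, hours=4):
    """Step 2 of the model: every session that started in the `hours` before the
    alert and in which either endpoint of the alert took part."""
    lo = alert.ts - timedelta(hours=hours)
    hosts = {alert.src_ip, alert.dst_ip}
    hits = [s for s in sessions
            if lo <= s.start <= alert.ts and (s.src_ip in hosts or s.dst_ip in hosts)]
    return sorted(hits, key=lambda s: s.start)


def capture_for_session(session, captures):
    """Step 3: locate the full packet capture for a chosen session (None if not kept)."""
    return next((c for c in captures if c.sid == session.sid), None)


def investigate(alert, sessions, captures):
    """Run the pivot: related sessions, plus the pcap of the first session on the
    alerted control-channel port so the analyst can read the commands exchanged."""
    related = sessions_for_alert(alert, sessions)
    control = [s for s in related if s.dst_port == alert.dst_port and s.proto == "tcp"]
    cap = capture_for_session(control[0], captures) if control else None
    return related, cap


# --- constructed sample data (hypothetical hosts from documentation ranges) ---
T0 = datetime(2013, 4, 25, 14, 0, 0)
ALERT = Alert(T0, "10.0.0.5", "192.0.2.10", 21, "FTP PORT bounce attempt")
SESSIONS = [
    Session(1, T0 - timedelta(hours=3), "10.0.0.5", "192.0.2.10", 21, "tcp", 1200),
    Session(2, T0 - timedelta(minutes=30), "10.0.0.5", "192.0.2.10", 21, "tcp", 820),
    # the FTP server opening a data connection to a third host: what a bounce looks like in flows
    Session(3, T0 - timedelta(minutes=10), "192.0.2.10", "198.51.100.7", 445, "tcp", 60),
    Session(4, T0 - timedelta(hours=6), "10.0.0.5", "192.0.2.10", 21, "tcp", 900),   # outside the 4h window
    Session(5, T0 - timedelta(minutes=5), "10.0.0.99", "203.0.113.1", 80, "tcp", 5000),  # unrelated hosts
]
CAPTURES = [
    Capture(1, "/nsm/pcap/20130425/sid-1.pcap"),
    Capture(2, "/nsm/pcap/20130425/sid-2.pcap"),
]

if __name__ == "__main__":
    related, cap = investigate(ALERT, SESSIONS, CAPTURES)
    for s in related:
        print(f"sid={s.sid} {s.start:%H:%M} {s.src_ip}->{s.dst_ip}:{s.dst_port} {s.bytes_out}B")
    print("control-channel pcap:", cap.pcap_path if cap else None)
```

The point the slide makes is visible in the output: the alert alone says "FTP bounce", the session data shows the server itself connecting out to a third host shortly after, and only the full-content capture of the control channel lets the analyst confirm which commands caused it.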
  • 14. Full Packet Capture
  • 17. SIEMs are part of the tools used in the process, just not the end.
  • 18. Sguil by Bamm Visscher
  • 19. Snorby by Dustin Webber
  • 20. Snorby Cloud (now Threat Stack)
  • 21. Squert by Paul Halliday
  • 22. Cool Bro.
    Why don’t we use one of those fancy tools as well and forget about this talk.
  • 23. Why do we subscribe to this?
    Because…..
  • 24.
  • 25. We want to offer something cool too
    ✓ Open Source Software
    ✓ Easy to Maintain
    ✓ That can be extended using other awesome OSS tools
    ✓ Scalable and easy to integrate
    ✓ Nice API please?
  • 27. Echidna Architecture
    Echidna Server:
    ✓ Perl-based
    ✓ Server/Node CnC communication is done through WebSockets (near-realtime).
    ✓ Retrieval and submission of data is done through a REST interface
    ✓ Modular architecture (use what you need)
    ✓ It can be used with relational DBs and NoSQL
  • 28.
  • 29. Server: Fetch some records
    URI:        http://inspectlabs.com:6970
    Controller: /api/pdns
    Parameters: ?fields=client,server,answer
                &query_type=A
                &query=nsm.metaflows.com.
                &from=2012-07-09 10:21:27
                &to=2012-07-09 10:21:27
    Which means:
      Give me the client ip, server ip and query answer of all DNS requests that returned an address record at 10:21:27AM of 2012-07-09
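A worked version of the slide 29 request: it assembles the same URI, controller and parameters with proper escaping, and then applies the filter the slide describes in words to a small passive-DNS log. This is an added example, not Echidna's code; the record field names, the inclusive `from`/`to` semantics modelled in `select_pdns`, and the sample records are assumptions constructed for the illustration.

```python
"""Added example: building the /api/pdns request shown on slide 29 and applying its
filter semantics locally. Not Echidna's code; the record layout and the server-side
semantics are assumptions, and the passive-DNS records are constructed."""
from datetime import datetime
from urllib.parse import urlencode, urlunsplit

PDNS_HOST, PDNS_PORT = "inspectlabs.com", 6970      # host and port from the slide


def build_pdns_url(host, port, fields, query_type, query, frm, to, scheme="http"):
    """Assemble URI + controller + parameters as the slide lists them. urlencode
    escapes the space in the timestamps and the commas in the field list."""
    params = {
        "fields": ",".join(fields),
        "query_type": query_type,
        "query": query,
        "from": frm.strftime("%Y-%m-%d %H:%M:%S"),
        "to": to.strftime("%Y-%m-%d %H:%M:%S"),
    }
    return urlunsplit((scheme, f"{host}:{port}", "/api/pdns", urlencode(params), ""))


def select_pdns(records, fields, query_type, query, frm, to):
    """Local model (assumed) of what the controller returns: records whose name and
    record type match, inside the inclusive [from, to] window, projected onto `fields`."""
    out = []
    for r in records:
        if r["query_type"] != query_type or r["query"] != query:
            continue
        if not (frm <= r["ts"] <= to):
            continue
        out.append({f: r[f] for f in fields})
    return out


# --- constructed sample passive-DNS log (documentation-range addresses) -------
T = datetime(2012, 7, 9, 10, 21, 27)
RECORDS = [
    dict(client="10.1.1.20", server="10.1.1.1", query="nsm.metaflows.com.",
         query_type="A", answer="198.51.100.40", ts=T),
    dict(client="10.1.1.21", server="10.1.1.1", query="nsm.metaflows.com.",
         query_type="AAAA", answer="2001:db8::40", ts=T),                 # wrong type
    dict(client="10.1.1.22", server="10.1.1.1", query="nsm.metaflows.com.",
         query_type="A", answer="198.51.100.40", ts=datetime(2012, 7, 9, 10, 21, 28)),  # outside window
    dict(client="10.1.1.23", server="10.1.1.1", query="www.example.com.",
         query_type="A", answer="203.0.113.9", ts=T),                      # other name
]
FIELDS = ("client", "server", "answer")
QUERY = "nsm.metaflows.com."

if __name__ == "__main__":
    print(build_pdns_url(PDNS_HOST, PDNS_PORT, FIELDS, "A", QUERY, T, T))
    for row in select_pdns(RECORDS, FIELDS, "A", QUERY, T, T):
        print(row)
```

Running it prints the escaped request URL followed by the single matching row; the other three records fall out for exactly the reasons the slide's sentence implies (wrong record type, one second outside the window, a different name).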
  • 30. Server REST API Response
  • 31. Echidna Architecture
    Echidna UI:
    ✓ 100% JavaScript
    ✓ Client-side MVC using Google’s AngularJS
    ✓ HTML5 stuff
    ✓ Focus on usability without compromising aesthetics
  • 36. Echidna as an API
  • 38. Turns out, this is Alpha stage
    • Not feature complete
    • Not production ready
    • Frequent updates
    • Features are being added
    • Focused on NSM for analysts
  • 39. We expect an evolution to Beta in about 2 weeks
  • 40. Development
    Server/Agents
      – Perl / Mojolicious
    Low-level components
      – C/C++
    User interface
      – JavaScript / AngularJS
    Protocol
      – REST / WebSockets
  • 41. Team
    Edward Fjellskål (ebf0) – Analyst
    Ian Firns (firnsy) – Coder
    Eduardo Urias (larsx2) – Coder
  • 42. Future (not too far away)
    ✓ OISF - Open Information Security Foundation
      Suricata’s next big friend!
    ✓ Bro IDS engine integration
      Cool tools should hang together!
    ✓ Cassandra/Hadoop support
      Sometimes things get out of control.
    ✓ Full text search support
      I am looking at you ElasticSearch ಠ_ಠ!
  • 43. Wanted!
    JavaScript hackers!
      – Jump in for the development of a fully featured client-side UI for security analysis
    Perl/Python hackers!
      – Help us create components/plugins for our framework to support more services!
    C/C++ hackers!
      – Want to build new specialized components for network analysis on extremely fast networks?
  • 44. Props to:
    ✓ Richard Bejtlich
    ✓ Bamm Visscher
    ✓ Matt Jonkman
    ✓ David McNelis
    ✓ Ian Firns
    ✓ Edward Bjarte
    ✓ Dustin Webber
    Because in some way or another all helped in making this talk possible
  • 45. Contact Me
    ✓ @larsx2
    ✓ edw.urias [at] gmail.com
    ✓ IRC -> #snort-gui and #nsmframework
    ✓ Cel. +521 6621 <deadbeef>
    ✓ github.com/firnsy/echidna-refresh