Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS

•

1 gostou•5,148 visualizações

This is the presentation of the SecDevOps-Cuse/CyberRange project. A project which aims to provide security researchers with a bootstrapped solution for building a personal research lab full of vulnerable assets, researcher tools, and well-known technologies like Nessus, Metasploit, FlareVM + many more...

Tecnologia

SecDevOps@Cuse
Cyber Range
An Open-Source AWS-based
Offensive/Defensive Learning Environment
For Every Cyber Security Researcher
GitHub: Secdevops-cuse/CyberRange
Fork of: fedekau/terraform-with-circleci-example

Demo’s First
Create the assetsShow what’s going to be setup / created

Technologies used
AWS
Git-Secrets
Terraform
Inspec
Kali
Packer
Chocolatey
Cloud-Init
Vulnerable Assets:
- Metasploitable 2 & 3 windows
- Metasploitable 2 nix
- Vulnhub vms
- Damn Vulnerable*
Researcher assets:
- Commando
- Kali
- Remnux
- Flarevm
- T-Pot
- DetectionLab*
- HoneyPot Network*

Terraform - Environments / Region Example
./terraform
environments/
├── eu-west-2
└── us-east-1
eu-west-2/
├── main.tf
├── terraform.tfvars
├── variables.tf
└── versions.tf

Environment - Main.tf
● Setup provider
● Setup staging-state
● Setup s3 backend
● Setup the infrastructure
Variables.tf

$Terraform Tip - Securing Credentials Access Keys: Bad: provider "aws" { region = "eu-west-1" # Ireland region, change as you wish access_key = "1234567890" secret_key = "1234567890" } Good: provider "aws" { region = "${var.region}" shared_credentials_file = "${pathexpand("~/.aws/credentials")}" }$

Infrastructure *aaS
network/
├── eips.tf
├── gateways.tf
├── output.tf
├── routes.tf
├── subnets.tf
├── variables.tf
└── vpc.tf
secdevops/
├── attackers.tf
├── aws_ami.tf
├── aws_key_pairs.tf
├── ctf.playground.tf
├── honeyPots.tf
├── malware.tf
├── output.tf
├── security_groups.tf
├── security_groups_rules.tf
├── targets.nix.tf
├── targets.windows.tf
├── tenable.tf
├── variables.tf
└── variables.tf.template
├── assets
│ ├── network
│ └── secdevops
├── cloud-init
│ ├── awsinspector.setup.yml
│ ├── bootstrap.commando.yml
│ ├── bootstrap.flarevm.yml
│ ├── bootstrap.windows.yml
│ ├── docker.setup.yml
│ ├── docker.targets.yml
│ ├── docker.tools.yml
│ ├── fbctf.setup.yml
│ ├── kali.yml
│ ├── tpot.setup.yml
│ └── windows.bootstrap.yml
├── main.tf
├── output.tf
└── variables.tf

CircleCI Build Workflow
Configuration file: .circleci/config.yml
Build, Plan, Apply Checks
Note: terraform v0.12 was just released 5/23
Issue #21515: Apply Graph bug -> plan --out files are not being applied correctly. Workaround exists, impacts CI.
Issue #21582: Apply --target does not create all network dependencies

AWS-Nuke
Tips:
● Leveraged a dedicated Organization / Account ID
● 1 Region at a time
● Carefully review Dry-Run output
● Update white-list of required assets often
● Initialize early / Purge often

Inspec Tests
Malware Lab - https://github.com/ytisf/theZoo
https://www.malware-traffic-analysis.net/
https://cuckoo.sh/docs/installation/guest/linux.html
https://github.com/aol/moloch
https://github.com/killswitch-GUI/Fuzz-FFmpeg
Future Research

Future Research
Packer:
http://jen20.com/2015/04/02/windows-amis-without-the-tears.html
https://operator-error.com/2018/04/16/windows-amis-with-even/
Compiler Explorers:
https://godbolt.org/
HoneyPot Network - https://github.com/threatstream/agave

Mais conteúdo relacionado

Mais procurados

Firmware analysis 101

veerababu penugonda(Mr-IoT)

Penetration Testing AWS

Sanjeev Kumar Jaiswal

# By Frans Rosén Adobe Experience Manager is an enterprise CMS with a troubled history. It was created with the angle of high customization factor, enabling consulting firms to deploy it all over the world for huge customers. Then came security. Frans will go through some terrible default configuration mistakes, Adobe’s love for bad Flash and how a sysadmin accidentialy exposed an international multi billion dollar company using only sad thoughts. # About speaker Frans Rosén is a tech entrepreneur, bug bounty hunter and a Security Advisor at Detectify, a security service for developers. He’s a frequent blogger at Detectify Labs and a top ranked participant of bug bounty programs, receiving some of the highest bounty payouts ever on HackerOne. Frans was recently featured as #2 on Hackread’s list of 10 Famous Bug Bounty Hunters of All Time and the results of his security research has been covered in numerous international publications such as Observer, BBC, Ars Technica, Wired and Mashable.

A story of the passive aggressive sysadmin of AEM

Frans Rosén

Pentesting Android Applications

Cláudio André

HKG18-402 - Build secure key management services in OP-TEE

Linaro

The WAF book (Web App Firewall )

Lior Rotkovitch

I hunt sys admins 2.0

Will Schroeder

TEE security infrastructure is now upstream in the Linux kernel, thanks to the hard work of many people in the ARM open source ecosystem. In this upcoming webinar, Joakim Bech and Jens Wiklander of the Linaro Security Working Group explain: ‣ Why upstream Linux kernel driver support is an important milestone. ‣ The relationship with specifications such as GlobalPlatform. ‣ A recap of the design principles for the TEE driver. ‣ How to get involved with TEE development. This webinar is based on the work of the Linaro Security Working Group. Their work helps Linaro achieve its mission of providing upstream open source support for the ARM ecosystem. The webinar will be of interest to developers and engineering managers who would like the latest status on TEE support in Linux, particularly those looking to develop secure applications with e.g. OP-TEE. It’s also a great case study for those interested in the challenges of Linux kernel upstreaming. There will be the opportunity to ask questions before, during and after the webinar. 🎙 Speakers: Joakim Bech, Security Working Group Tech Lead, Linaro Jens Wiklander, Security Working Group Engineer & Upstream Driver Author, Linaro 🎯 Moderator: Bill Fletcher, EMEA Field Engineering, Linaro ✨ Register here http://linaro.co/webinar01 For more information on... On Linaro - Leading Collaboration in the ARM Ecosystem - linaro.org On OP-TEE - the TEE in Linux using the ARM® TrustZone® technology op-tee.org ---------------------------------------------- Videos & Presentation -- Introduction to OP-TEE -- A great introduction to OP-TEE security written from the standpoint of Automotive Grade Linux. It's only 13 slides with some great diagrams explaining trusted execution, secure boot and isolation. #Automotive #AGL #OP-TEE #Linux https://www.slideshare.net/YannickGicquel/introduction-to-optee-26-may-2016 -- OP-TEE for Beginners and Porting Review -- Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome. #TrustedApplication #Trustzone http://connect.linaro.org/resource/hkg15/hkg15-311-op-tee-for-beginners-and-porting-review/

TEE - kernel support is now upstream. What this means for open source security

Linaro

Six Degrees of Domain Admin - BloodHound at DEF CON 24

Andy Robbins

DerbyCon 2019 - Kerberoasting Revisited

Will Schroeder

Slides from "Managing Secrets at scale" at Velocity EU 2015 Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principals can be implemented

Managing secrets at scale

Alex Schoof

WAF 101

Null Bhubaneswar

Credentials 究竟該儲存在哪邊才算安全一直是個很尷尬的問題，外洩的消息更是時有耳聞；而一般的應用程式設計時，很少考量到如何定期去更新 Credentials，這時 DevOps 的救星 HashiCorp 發現了大家的需求，因而推出 Vault 來作為 Credentials 的歸宿，其主要最大的兩大功能就是讓大家可以將 Credentials 安心地存放在其中，並且針對一些特定的應用服務提供動態 Credentials 的功能，此 Workshop 主要分成三個主軸： - Vault 基本使用 - Dynamic Credentials 使用方式 - Vault 在生產環境使用的最佳準則

HashiCorp Vault Workshop：幫 Credentials 找個窩

smalltown

BUD17-400: Secure Data Path with OPTEE

Linaro

Android Hacking

antitree

One-Liners to Rule Them All

egypt

Presented at Black Hat 2019 https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540 Casey Smith (Red Canary) Ross Wolf (Endgame) bit.ly/fantastic19 Abstract: Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible. This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events. Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.

Fantastic Red Team Attacks and How to Find Them

Ross Wolf

Introduction to Perf

Wang Hsiangkai

Printer has become one of the essential devices in the corporate intranet for the past few years, and its functionalities have also increased significantly. Not only print or fax, cloud printing services like AirPrint are also being supported as well to make it easier to use. Direct printing from mobile devices is now a basic requirement in the IoT era. We also use it to print some internal business documents of the company, which makes it even more important to keep the printer safe. Nowadays, most of the printers on the market do not have to be connected with USB or traditional cable. As long as you are using a LAN cable connected to the intranet, the computer can find and use the printer immediately. Most of them are based on protocols such as SLP and LLMNR. But is it really safe when vendors adopt those protocols? Furthermore, many printers do not use traditional Linux systems, but use RTOS(Real-Time Operating System) instead, how will this affect the attacker? In this talk, we will use Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as case study, showing how to analyze and gain control access to the printer. We will also demonstrate how to use the vulnerabilities to achieve RCE in RTOS in unauthenticated situations.

[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...

CODE BLUE

Unrevealed Story Behind Viettel Network Cloud Hotpot | Đặng Văn Đại, Hà Mạnh ...

Vietnam Open Infrastructure User Group

Mais procurados (20)

Firmware analysis 101

Penetration Testing AWS

A story of the passive aggressive sysadmin of AEM

Pentesting Android Applications

HKG18-402 - Build secure key management services in OP-TEE

The WAF book (Web App Firewall )

I hunt sys admins 2.0

TEE - kernel support is now upstream. What this means for open source security

Six Degrees of Domain Admin - BloodHound at DEF CON 24

DerbyCon 2019 - Kerberoasting Revisited

Managing secrets at scale

WAF 101

HashiCorp Vault Workshop：幫 Credentials 找個窩

BUD17-400: Secure Data Path with OPTEE

Android Hacking

One-Liners to Rule Them All

Fantastic Red Team Attacks and How to Find Them

Introduction to Perf

[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...

Unrevealed Story Behind Viettel Network Cloud Hotpot | Đặng Văn Đại, Hà Mạnh ...

Semelhante a Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS

Terraform Abstractions for Safety and Power

Calvin French-Owen

Infrastructure as Code with Terraform

Pedro J. Molina

Salting new ground one man ops from scratch

Jay Harrison

While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments. Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore! Read more on: https://sysdig.com/blog/docker-runtime-security/ https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/

Docker Runtime Security

Sysdig

Martin Čmelík Security-Portal.cz, Securix.org http://www.security-session.cz Přednáška: Hardening Linuxových systemů a představení distribuce Securix GNU/Linux Přednáška se bude věnovat možnostem zabezpečení Linuxových systémů od té nejnižší až po aplikační vrstvu. Představí možnosti zvýšení bezpečnosti použitelných na všech linuxových distribucích až po MLS (Multi-Level Security) systémy typu Grsec a PaX, které jsou schopné detailního vymezení opravnění a přístupu k resourcům každé aplikace.

Hardening Linux and introducing Securix Linux

Security Session

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Michael Man

SFBay Area Solr Meetup - June 18th: Benchmarking Solr Performance

Lucidworks (Archived)

Docker Security in Production Overview

Delve Labs

SANS @Night There's Gold in Them Thar Package Management Databases

Phil Hagen

For HashiCorp fans, Terraform and Vault have been the go-to products for provisioning and securing cloud infrastructure as organizations move to the cloud. Terraform is releasing 0.12 and Vault surpassed 1.0 (and is now at 1.1). Many organizations have already adopted Terraform and Vault and are looking to adopt Consul. However, as organizations mature in usage of the HashiCorp stack, how can the various products work together to further optimize workflows? In this webinar, we’ll walk you through best practices for using Vault to secure data with Terraform.

Best practices for Terraform with Vault

Mitchell Pronschinske

CERN is the home of the Large Hadron Collider (LHC), a 27km circular proton accelerator that generates petabytes of physics data every year. To process all this data, CERN runs an OpenStack Cloud (>300K cores) that helps scientists all around the world to unveil the mysteries of the Universe. The Infrastructure is also used to run all the IT services of the Organization. Delivering these services, with high performance and reliable service levels has been one of the major challenges for the CERN Cloud engineering team. We have been constantly iterating the architecture and deployment model of the Cloud control plane. In this presentation we will describe the different control plane architecture models that we relied over the years. Finally, we will describe all the work done to move the OpenStack Cloud control plane from VMs into a kubernetes cluster. We will report about our experience running this architecture at scale, its advantages and challenges.

CERN OpenStack Cloud Control Plane - From VMs to K8s

Belmiro Moreira

Terraform

Adam Vincze

A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for. For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca

Comprehensive Terraform Training

Yevgeniy Brikman

Unraveling Docker Security: Lessons From a Production Cloud

Salman Baset

Tokyo OpenStack Summit 2015: Unraveling Docker Security

Phil Estes

SolrCloud is a set of features in Apache Solr that enable elastic scaling of search indexes using sharding and replication. In this presentation, Tim Potter will demonstrate how to provision, configure, and manage a SolrCloud cluster in Amazon EC2, using a Fabric/boto based solution for automating SolrCloud operations. Attendees will come away with a solid understanding of how to operate a large-scale Solr cluster, as well as tools to help them do it. Tim will also demonstrate these tools live during his presentation. Covered technologies, include: Apache Solr, Apache ZooKeeper, Linux, Python, Fabric, boto, Apache Kafka, Apache JMeter.

Deploying and managing SolrCloud in the cloud using the Solr Scale Toolkit

thelabdude

Kubernetes 101 for_penetration_testers_-_null_mumbai

n|u - The Open Security Community

Cloud Native platforms such as Kubernetes and Cloud Foundry help developers to easily get started deploying and running their applications at scale. But as this access to compute starts to become ubiquitous, how you secure and maintain compliance standards in these environments becomes extremely important. In this talk we'll cover the basics of securing Cloud Native platforms such as Kubernetes. We will also cover open source tools - such as Clair, Anchore, and Sysdig Falco - that can be used to maintain secure computing environment. Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools as part of their security strategy.

Securing your Container Environment with Open Source

Michael Ducy

Terraform training 🎒 - Basic

StephaneBoghossian1

How containers helped a SaaS startup be developed and go live

Ramon Navarro

Semelhante a Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS (20)

Terraform Abstractions for Safety and Power

Infrastructure as Code with Terraform

Salting new ground one man ops from scratch

Docker Runtime Security

Hardening Linux and introducing Securix Linux

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

SFBay Area Solr Meetup - June 18th: Benchmarking Solr Performance

Docker Security in Production Overview

SANS @Night There's Gold in Them Thar Package Management Databases

Best practices for Terraform with Vault

CERN OpenStack Cloud Control Plane - From VMs to K8s

Terraform

Comprehensive Terraform Training

Unraveling Docker Security: Lessons From a Production Cloud

Tokyo OpenStack Summit 2015: Unraveling Docker Security

Deploying and managing SolrCloud in the cloud using the Solr Scale Toolkit

Kubernetes 101 for_penetration_testers_-_null_mumbai

Securing your Container Environment with Open Source

Terraform training 🎒 - Basic

How containers helped a SaaS startup be developed and go live

Último

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

Slack Application Development 101 Slides

praypatel2

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

A Call to Action for Generative AI in 2024

Results

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS

1. SecDevOps@Cuse Cyber Range An Open-Source AWS-based Offensive/Defensive Learning Environment For Every Cyber Security Researcher GitHub: Secdevops-cuse/CyberRange Fork of: fedekau/terraform-with-circleci-example

3. What & How Much?

4. Demo’s First Create the assetsShow what’s going to be setup / created

5. Technologies used AWS Git-Secrets Terraform Inspec Kali Packer Chocolatey Cloud-Init Vulnerable Assets: - Metasploitable 2 & 3 windows - Metasploitable 2 nix - Vulnhub vms - Damn Vulnerable* Researcher assets: - Commando - Kali - Remnux - Flarevm - T-Pot - DetectionLab* - HoneyPot Network*

6. Terraform - Environments / Region Example ./terraform environments/ ├── eu-west-2 └── us-east-1 eu-west-2/ ├── main.tf ├── terraform.tfvars ├── variables.tf └── versions.tf

7. Environment - Main.tf ● Setup provider ● Setup staging-state ● Setup s3 backend ● Setup the infrastructure Variables.tf

8. Terraform Tip - Securing Credentials Access Keys: Bad: provider "aws" { region = "eu-west-1" # Ireland region, change as you wish access_key = "1234567890" secret_key = "1234567890" } Good: provider "aws" { region = "${var.region}" shared_credentials_file = "${pathexpand("~/.aws/credentials")}" }

9. Infrastructure & Region - Main.tf

10. Infrastructure *aaS network/ ├── eips.tf ├── gateways.tf ├── output.tf ├── routes.tf ├── subnets.tf ├── variables.tf └── vpc.tf secdevops/ ├── attackers.tf ├── aws_ami.tf ├── aws_key_pairs.tf ├── ctf.playground.tf ├── honeyPots.tf ├── malware.tf ├── output.tf ├── security_groups.tf ├── security_groups_rules.tf ├── targets.nix.tf ├── targets.windows.tf ├── tenable.tf ├── variables.tf └── variables.tf.template ├── assets │ ├── network │ └── secdevops ├── cloud-init │ ├── awsinspector.setup.yml │ ├── bootstrap.commando.yml │ ├── bootstrap.flarevm.yml │ ├── bootstrap.windows.yml │ ├── docker.setup.yml │ ├── docker.targets.yml │ ├── docker.tools.yml │ ├── fbctf.setup.yml │ ├── kali.yml │ ├── tpot.setup.yml │ └── windows.bootstrap.yml ├── main.tf ├── output.tf └── variables.tf

11. CircleCI Build Workflow Configuration file: .circleci/config.yml Build, Plan, Apply Checks Note: terraform v0.12 was just released 5/23 Issue #21515: Apply Graph bug -> plan --out files are not being applied correctly. Workaround exists, impacts CI. Issue #21582: Apply --target does not create all network dependencies

12. CircleCI Workflow

13. AWS-Nuke Tips: ● Leveraged a dedicated Organization / Account ID ● 1 Region at a time ● Carefully review Dry-Run output ● Update white-list of required assets often ● Initialize early / Purge often

14. Next Phases of R&D

15. Inspec Tests Malware Lab - https://github.com/ytisf/theZoo https://www.malware-traffic-analysis.net/ https://cuckoo.sh/docs/installation/guest/linux.html https://github.com/aol/moloch https://github.com/killswitch-GUI/Fuzz-FFmpeg Future Research

16. Future Research Packer: http://jen20.com/2015/04/02/windows-amis-without-the-tears.html https://operator-error.com/2018/04/16/windows-amis-with-even/ Compiler Explorers: https://godbolt.org/ HoneyPot Network - https://github.com/threatstream/agave

Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS

Semelhante a Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS (20)

Último

Último (20)

Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS