Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
This document outlines an overview of intelligent threat hunting presented by Dhruv Majumdar. It discusses the basics of threat hunting, including that it is a proactive and iterative process to detect threats that evade existing security solutions. It provides a threat hunting recipe and describes important data sources and skills needed like host analysis, network analysis, and threat intelligence. It also walks through an attack scenario and things to look for at different stages of an attack lifecycle. Finally, it concludes with the growing demand for threat hunters and recommendations on how to get started with threat hunting.
The document provides biographies and background information on two cyber threat hunters, Teymur Kheirkhabarov and Sergey Soldatov. It then discusses the process of cyber threat hunting, including collecting log and system event data from endpoints, analyzing that data using tools like Yara and Cuckoo Sandbox, and manually investigating anomalies through iterative hypothesis testing to detect advanced threats. Examples are given of how threat hunters traced back the steps of an attacker who compromised a system by injecting code into the LSASS process and establishing persistence via a scheduled task. The document emphasizes that threat hunting requires both machine analysis of large datasets as well as human reasoning to uncover sophisticated threats that evade other security solutions.
Ransomware has evolved significantly since 2012, starting as police messages and becoming increasingly sophisticated with encryption and evasion techniques. Ransomware distributors now offer ransomware-as-a-service and use affiliate programs to spread malware via phishing emails and drive-by downloads. Victims' files are encrypted with strong encryption keys while private keys remain with criminal operators, who demand ransom payments in cryptocurrency. Effective defenses include education, backups, layered protection, network segmentation, and application control to limit the impact of ransomware attacks.
This document discusses cyber security. It begins by defining cyber security as the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attacks, damage, or unauthorized access. It notes that cyber security is important because organizations collect, store, and process unprecedented amounts of data that needs protection. Some common cyber threats discussed include cyberterrorism, cyberwarfare, cyberspionage, and attacks targeting critical infrastructure, networks, applications, cloud systems, and internet of things devices. The document also examines cyber attack life cycles and common prevention methods.
This will give you knowledge about basics of what ethical hacking is and few attacks. This document edited in Ubuntu. Types of hackers explained in detail. what kind of language is used by the hacker. How attacks happen with the help of scanning and access point for the system which is helpfull for the hacker after doing attacks gaining the access and maintaining the access. how to protect the system from the attackers and what to do after the attack happened.
A college lecture at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901.
Instructor: Sam Bowne
Class website: https://samsclass.info/126/126_S17.shtml
Learn about threat modeling from our CTO and co-creator of the DREAD threat modeling classification, Jason Taylor. Understand more about what threat modeling is, dive into real life examples, and use techniques you can leverage at every phase of the SDLC.
The document provides an overview of footprinting, which is the first stage of reconnaissance during a cyber attack. It involves gathering open-source information about a target organization to understand its security profile and map its network. Some of the tools mentioned for footprinting include Whois, Nslookup, traceroute, Google Earth and various online databases to find domain information, network details, employee names and more. The goal is to learn as much as possible about the target before launching an actual attack.
Introduction to Web Application Penetration TestingAnurag Srivastava
Web Application Pentesting
* Process to check and penetrate the security of a web application or a website
* process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities
* Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.
MITRE ATT&CK framework is about the framework that is followed by Threat Hunters, Threat Analysts for Threat Modelling purpose, which can be use for Adversary Emulation and Attack Defense. Cybersecurity Analyst widely use it for framing the attack through its various used Tactics and Techniques.
This is an introductory course that is developed with the objective of laying the foundation stone which can potentially transform into a career in the cyber security space....
Social engineering involves manipulating people into revealing confidential information through psychological tricks, deception or pretending to need access for legitimate reasons. Attackers use methods like pretexting, phishing and fake websites to obtain personally identifiable data, financial information, passwords and other sensitive details from targets like employees or customers. The impacts of social engineering can be significant, as demonstrated by a $80 million cyberattack on Bangladesh's central bank. To protect against social engineering, organizations should promote security awareness training to help people identify inappropriate requests and understand the risks of revealing private information.
The document discusses Monnappa, a security investigator at Cisco who focuses on threat intelligence and malware analysis. It provides an overview of static analysis, dynamic analysis, and memory analysis techniques for analyzing malware. It includes steps for each technique and screenshots demonstrating running analysis on a Zeus bot sample, including using tools like PEiD, Dependency Walker, Volatility, and VirusTotal. The analysis uncovered the malware creating registry runs keys for persistence and injecting itself into the explorer.exe process.
Who is a hacker? What is a bug bounty program? How do you get started with bug bounties? How much should I pay hackers who find bugs in my website and apps?
All these questions and more are answered in our bug bounty basics booklet. Learn more about the market-leading bug bounty platform and how it is the ideal choice for continuous security testing at https://www.hackerone.com/product/bounty
This document provides an introduction to security vulnerabilities. It defines key terms like vulnerability and exploit. It discusses the Open Web Application Security Project (OWASP) which focuses on improving software security and publishes the OWASP Top 10 list of most critical web application risks. The Top 10 from 2013 is presented, including Injection, Broken Authentication, Cross-Site Scripting, and others. Demo attacks are shown for Injection and Cross-Site Scripting. Tools for vulnerability scanning and security testing like ZAP are also mentioned.
The document discusses the MITRE ATT&CK framework, which is a knowledge base of adversary behaviors and tactics collected from real-world observations. It describes how the framework categorizes behaviors using tactics, techniques, and procedures. The framework can be used for threat intelligence, detection and analytics, adversary emulation, and assessment and engineering. The document provides examples of how organizations can map their detection capabilities and data sources to techniques in the framework to improve visibility of attacks. It cautions against misusing the framework as a checklist rather than taking a threat-informed approach.
( ** Cyber Security Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka PPT on "Penetration Testing" will help you understand all about penetration testing, its methodologies, and tools. Below is the list of topics covered in this session:
What is Penetration Testing?
Phases of Penetration Testing
Penetration Testing Types
Penetration Testing Tools
How to perform Penetration Testing on Kali Linux?
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Malware analysis, threat intelligence and reverse engineeringbartblaze
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014grecsl
The document discusses malware analysis methodology for those new to the field. It describes setting up an analysis environment including virtual machines and tools for triage, dynamic, and static analysis. The methodology section outlines checklists for conducting triage, dynamic analysis including establishing baselines and monitoring malware execution, and static analysis through disassembly. The goal is to provide an overview to help analysts expand skills from basic analysis to malware analysis.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014grecsl
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...grecsl
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
- Malware analysis involves both static and dynamic analysis techniques to understand malware behavior and assess potential damage. Static analysis involves disassembling and reviewing malware code and structure without executing it. Dynamic analysis observes malware behavior when executed in an isolated virtual environment.
- Tools for static analysis include file hashing, string extraction, and PE header examination. Dynamic analysis tools monitor the registry, file system, processes, and network traffic created by malware runtime behavior. These include Process Monitor, Wireshark, Process Explorer, and network sniffers.
- To safely conduct malware analysis, one should create an isolated virtual lab separated from production networks, and install behavioral monitoring and code analysis tools like OllyDbg, Process Monitor, and Wiresh
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
This document discusses automated malware analysis techniques used by Dissect || PE. It describes the challenges of processing large volumes of samples from different sources. The system uses a feed server, scheduler, unpackers, dissectors, and kernel driver. Samples are run in virtual machines and real machines. Plugins allow custom analysis. The architecture is scalable and supports community research through shared samples and results.
Title: Hands on Penetration Testing 101 by Scott Sutherland & Karl Fosaaen
Abstract: The goal of this training is to introduce attendees to standard penetration test methodologies, tools, and techniques. Hands on labs will cover the basics of asset discovery, vulnerability enumeration, system penetration, privilege escalation, and bypassing end point protection. During the labs, common vulnerabilities will be leveraged to illustrate attack techniques, using freely available tools such as Nmap and Metasploit. This training will be valuable to anyone interested in gaining a better understanding of penetration testing or to system administrators trying to understand common attack approaches.
Building next gen malware behavioural analysis environment isc2-hellenic
This document discusses building an automated malware behavioral analysis environment. It covers types of malware analysis, taxonomy of analysis platforms, analysis phases and checks, and evaluation strategies. Static and dynamic automated analysis are described as well as their pros, cons, and limitations. The analysis phases of submission, analysis, and reporting are outlined. Key challenges like modularity, fingerprinting, stalling, social engineering, and decoys are examined. Examples of analysis platforms and tools are provided.
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016grecsl
Knowing how to perform basic monitoring and analysis can go a long way in helping infosec analysts do some foundation analysis to either crush the mundane or recognize when it's time to pass the more serious attacks on to the the big boys. This presentation covers environment options for making your network monitor-able, three quick steps to triage and analyze alerts, and integrated distros that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well... maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of network monitoring and analysis.
Analisis Estatico y de Comportamiento de un Binario MaliciosoConferencias FIST
This document summarizes a presentation on analyzing malware binaries through static and behavioral analysis. The presentation covers setting up a lab with virtual machines, performing static analysis to extract metadata and strings from the binary, and behavioral analysis by monitoring the malware's processes, connections, and registry activities when run in a virtual machine. It emphasizes comparing results with others and fully categorizing findings from static analysis, and provides examples of tools used for behavioral analysis on Windows and Linux systems.
Watchtowers of the Internet - Source Boston 2012Stephan Chenette
Watchtowers of the Internet: Analysis of Outbound Malware Communication, Stephan Chenette, Principal Security Researcher, (@StephanChenette) & Armin Buescher, Security Researcher
With advanced malware, targeted attacks, and advanced persistent threats, it’s not IF but WHEN a persistant attacker will penetrate your network and install malware on your company’s network and desktop computers. To get the full picture of the threat landscape created by malware, our malware sandbox lab runs over 30,000 malware samples a day. Network traffic is subsequently analyzed using heuristics and machine learning techniques to statistically score any outbound communication and identify command & control, back-channel, worm-like and other types of traffic used by malware.
Our talk will focus on the setup of the lab, major malware families as well as outlier malware, and the statistics we have generated to give our audience an exposure like never before into the details of malicious outbound communication. We will provide several tips, based on our analysis to help you create a safer and more secure network.
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques.
Armin Buescher is a Security Researcher and Software Engineer experienced in strategic development of detection/prevention technologies and analysis tools. Graduated as Dipl.-Inf. (MSc) with thesis on Client Honeypot systems. Interested in academic research work and published author of security research papers.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budgetchrissanders88
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Lastline, Inc.
This document discusses techniques for achieving successful automated dynamic analysis of evasive malware through full system emulation. It begins by introducing the speaker and their background in malware research. It then discusses the goals of automated malware analysis, different analysis approaches (such as system call hooking and process emulation), and how full system emulation provides the highest visibility and fidelity while maintaining good performance. The document also covers challenges posed by malware evasion techniques and ways analysis systems can work to bypass triggers and detect stalling code.
Using Canary Honeypots for Network Security Monitoringchrissanders88
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Project: Malware Analysis
CS 6262 Project 3
Agenda
• Part 1: Analyzing Windows Malware
• Part 2: Analyzing Android Malware
Scenario
• Analyzing Windows Malware
• You got a malware sample from the wild. Your task is to discover what
malware does by analyzing it
• How do you discover the malware’s behaviors?
• Static Analysis
• Manual Reverse Engineering
• Programming binary analysis
• Dynamic Analysis
• Network behavioral tracing
• Run-time system behavioral tracing(File/Process/Thread/Registry)
• Symbolic Execution
• Fuzzing
Scenario
• In our scenario, you are going to analyze the given malware with tools
that we provide.
• The tools help you to analyze the malware with static and dynamic
analysis.
• Objective
1. Find which server controls the malware (the command and control (C2)
server)
2. Discover how the malware communicates with the command and control
(C2) server
• URL and Payload
3. Discover what activities are done by the malware payload
• Attack Activities
Scenario
• Requirement
• Make sure that no malware traffic goes out from the virtual machine
• But, updating of malware (stage 2), and downloading payload (stage 3) are required to
be allowed (set as default option)
• The command and control server is dead. You need to reconstruct it
• Use tools to reconstruct the server, then reveal hidden behaviors of the malware
• Analyze network traffic on the host, and figure out the list of available
commands for the malware
• Analyze network traffic trace of the host, and figure out what malware does
• Write down your answer into assignment-questionnaire.txt
Project Structure
• A Virtual Machine for Malware analysis
• Please download and install the latest version or update your virtual box.
• https://www.virtualbox.org/wiki/Downloads
• Download the VM
• Download links
• http://ironhide.gtisc.gatech.edu/vm_2018.7z
• http://bombshell.gtisc.gatech.edu/vm_2018.7z
• Verify the md5 hash of the 7z file: 537e70c4cb4662d3e3b46af5d8223fd
• Please install 7zip or p7zip
• Windows, Linux and MacOs: http://www.7-zip.org/download.html
• Unarchive the 7z file
• Password: GTVM!
https://www.virtualbox.org/wiki/Downloads
http://ironhide.gtisc.gatech.edu/vm_2018.7z
http://bombshell.gtisc.gatech.edu/vm_2018.7z
http://www.7-zip.org/download.html
Project Structure
• Open VirtualBox
• Go to File->Import Appliance.
• Select the ova file and import it.
• For detailed information on how to import the VM, see:
• https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html
• VM user credentials
• Username: analysis
• Password: analysis
https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html
Project Structure
• In the Virtual Machine (VM)
• Files
• init.py
• This initializes the project environment
• Type your Georgia Tech username (same login name as Canvas) after running this
• update.sh
• This script updates the VM if any further update has been made by TA
• DO NOT execute the scri.
The document discusses ethical hacking and penetration testing. It provides an overview of the session, why penetration testing is valuable, the penetration testing process including tools used for internal and external testing, and real-life case studies. It describes gathering information, scanning IP addresses, determining service versions, assembling target lists, gathering and testing exploits, running exploits against live targets, assessing results, and obtaining interactive or privileged access. The goal is to identify vulnerabilities before they are exploited.
The document discusses ethical hacking and penetration testing. It provides an overview of the session which will cover taking a look at the environment, the penetration testing process and tools, and some real-life case studies. It then discusses the benefits of penetration testing for identifying vulnerabilities before exploitation. The document outlines the general penetration testing process which involves information gathering, scanning, determining service versions, running exploits, and repeating until goals are achieved. It also discusses specific internal and external penetration testing methodologies and commonly used tools.
The document discusses ethical hacking and penetration testing. It provides an overview of the session which will cover taking a look at the environment, the penetration testing process and tools, and some real-life case studies. It then discusses the benefits of penetration testing for identifying vulnerabilities before exploitation. The document outlines the general penetration testing process which involves information gathering, scanning, determining service versions, running exploits, and repeating until goals are achieved. It also discusses specific internal and external penetration testing methodologies and commonly used tools.
This document summarizes a presentation about honeypots and honeynets. It defines honeypots as information systems with no production value that are used to monitor, detect, and analyze attacks. Honeypots can be low, medium, or high interaction depending on how fully they simulate real systems. Honeynets are high interaction honeypots designed to gather in-depth attack information. The document discusses honeypot tools like Honeyd and the Honeynet Project. It covers honeypot types, data collection, risks, and legal issues regarding their use.
Reading Group Presentation: The Power of ProcrastinationMichael Rushanan
This presentation exposes the current threat model of execution stalling malicious code, and multiple pointers to relevant academic research in analysis. I presented these works to a weekly Security and Privacy reading group.
The academic proceeding can be found here:
www.syssec-project.eu/media/page-media/3/hasten-ccs11.pdf
Similar to Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, 2014 (20)
Deploying a Shadow Threat Intel Capability at Thotcon on May 6, 2016grecsl
In the presentation that threat intel vendors do not want you to see, open source and internal data meets home grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses and shows examples of using what your already have to bootstrap this capability using existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, an indicator database, and more. By analyzing this data organizations can discovery trends across attacks that help them understand their adversaries. An example nosql schema will be release to help attendees create their own implementations.
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016grecsl
In the presentation that threat intel vendors do not want you to see, open source and internal data meets home grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses and shows examples of using what your already have to bootstrap this capability using existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, an indicator database, and more. By analyzing this data organizations can discovery trends across attacks that help them understand their adversaries. An example nosql schema will be release to help attendees create their own implementations.
Defending the Enterprise with Evernote at SourceBoston on May 27, 2015grecsl
Most people are already familiar with Evernote. It’s easy to just throw all our miscellaneous data into the Elephant and effortlessly find it later with a quick search or correlate similar ideas with tags. Evernote is literally our external brain that increases our intelligence and helps us become more productive overall. This presentation discusses an experiment of using Evernote as a defensive management platform, the specific concepts and strategies used, and its overall effectiveness. Specific topics covered will include the advantages of using an open and flexible platform that can be molded into an open/closed source threat intelligence database, an information sharing platform, and an incident case management system. Although using Evernote in this way in large enterprises is probably not possible, the same lessons learned can be applied to implement a similarly effective system using internally-hosted open source or commercial software.
Project KidHack – Teaching the Next Next Generation Security through Gaming a...grecsl
Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children a more security-conscience adult in whatever field they choose.
Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...grecsl
Wanna teach your kid to be a hacker but don't know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career ... or at least make our children a more security-conscience adult in whatever field they choose.
Project KidHack - Teaching Kids Security through Gaming at BSidesTampa on Feb...grecsl
Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children a more security-conscience adult in whatever field they choose.
Project Kid Hack - Teaching Kids Security through Gaming at BSidesDE on Novem...grecsl
Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children a more security-conscience adult in whatever field they choose.
UiPath Community Day Amsterdam: Code, Collaborate, ConnectUiPathCommunity
Welcome to our third live UiPath Community Day Amsterdam! Come join us for a half-day of networking and UiPath Platform deep-dives, for devs and non-devs alike, in the middle of summer ☀.
📕 Agenda:
12:30 Welcome Coffee/Light Lunch ☕
13:00 Event opening speech
Ebert Knol, Managing Partner, Tacstone Technology
Jonathan Smith, UiPath MVP, RPA Lead, Ciphix
Cristina Vidu, Senior Marketing Manager, UiPath Community EMEA
Dion Mes, Principal Sales Engineer, UiPath
13:15 ASML: RPA as Tactical Automation
Tactical robotic process automation for solving short-term challenges, while establishing standard and re-usable interfaces that fit IT's long-term goals and objectives.
Yannic Suurmeijer, System Architect, ASML
13:30 PostNL: an insight into RPA at PostNL
Showcasing the solutions our automations have provided, the challenges we’ve faced, and the best practices we’ve developed to support our logistics operations.
Leonard Renne, RPA Developer, PostNL
13:45 Break (30')
14:15 Breakout Sessions: Round 1
Modern Document Understanding in the cloud platform: AI-driven UiPath Document Understanding
Mike Bos, Senior Automation Developer, Tacstone Technology
Process Orchestration: scale up and have your Robots work in harmony
Jon Smith, UiPath MVP, RPA Lead, Ciphix
UiPath Integration Service: connect applications, leverage prebuilt connectors, and set up customer connectors
Johans Brink, CTO, MvR digital workforce
15:00 Breakout Sessions: Round 2
Automation, and GenAI: practical use cases for value generation
Thomas Janssen, UiPath MVP, Senior Automation Developer, Automation Heroes
Human in the Loop/Action Center
Dion Mes, Principal Sales Engineer @UiPath
Improving development with coded workflows
Idris Janszen, Technical Consultant, Ilionx
15:45 End remarks
16:00 Community fun games, sharing knowledge, drinks, and bites 🍻
Global Collaboration for Space Exploration.pdfSachin Chitre
Distinguished readers, leaders, esteemed colleagues, and fellow dreamers,
We stand at the precipice of a new era, an epoch where the boundaries of human potential are poised to be redefined. For centuries, humanity has gazed up at the celestial expanse, yearning to explore the cosmic mysteries that beckon us.
Today, I present a vision, a blueprint for a journey that transcends the limitations of conventional science and technology.
Imagine a world where the shackles of gravity are broken, where interstellar travel is no longer confined to the realms of science fiction. A world united not by petty differences, but by a shared purpose – to explore, to discover, and to elevate humanity.
This presentation outlines a comprehensive research project to construct and deploy Vimanas – ancient, aerial vehicles of wisdom and power. By harnessing the knowledge of our ancestors and the advancements of modern science, we can embark on a quest to not only conquer the skies but to conquer the cosmos.
Let us together ignite the spark of human ingenuity and propel our civilization towards a future where the stars are within our reach and where the bonds of humanity are strengthened through shared exploration.
The time for action is now. Let us embark on this extraordinary journey together."
The Hilarious Saga of Ships Losing Their Voices: these gigantic vessels that rule the seas can't even keep track of themselves without our help. When their beloved AIS system fails, they're rendered blind, deaf and dumb - a cruel joke on their supposed maritime prowess.
This document, in its grand ambition, seeks to dissect the marvel that is maritime open-source intelligence (maritime OSINT). Real-world case studies will be presented with the gravitas of a Shakespearean tragedy, illustrating the practical applications and undeniable benefits of maritime OSINT in various security scenarios.
For the cybersecurity professionals and maritime law enforcement authorities, this document will be nothing short of a revelation, equipping them with the knowledge and tools to navigate the complexities of maritime OSINT operations while maintaining a veneer of ethical and legal propriety. Researchers, policymakers, and industry stakeholders will find this document to be an indispensable resource, shedding light on the potential and implications of maritime OSINT in safeguarding our seas and ensuring maritime security and safety.
-------------------------
This document aims to provide a comprehensive analysis of maritime open-source intelligence (maritime OSINT) and its various aspects: examining the ethical implications of employing maritime OSINT techniques, particularly in the context of maritime law enforcement authorities, identifying and addressing the operational challenges faced by maritime law enforcement authorities when utilizing maritime OSINT, such as data acquisition, analysis, and dissemination.
The analysis will offer a thorough and insightful examination of these aspects, providing a valuable resource for cybersecurity professionals, law enforcement agencies, maritime industry stakeholders, and researchers alike. Additionally, the document will serve as a valuable resource for researchers, policymakers, and industry stakeholders seeking to understand the potential and implications of maritime OSINT in ensuring maritime security and safety.
Maritime Open-Source Intelligence (OSINT) refers to the practice of gathering and analyzing publicly available information related to maritime activities, vessels, ports, and other maritime infrastructure for intelligence purposes. It involves leveraging various open-source data sources and tools to monitor, track, and gain insights into maritime operations, potential threats, and anomalies. Maritime Open-Source Intelligence (OSINT) is crucial for capturing information critical to business operations, especially when electronic systems like Automatic Identification Systems (AIS) fail. OSINT can provide valuable context and insights into vessel operations, including the identification of vessels, their positions, courses, and speeds
A. Data Sources
• Vessel tracking websites and services (e.g., MarineTraffic, VesselFinder) that provide real-time and historical data on ship movements, positions, and d
Selling software today doesn’t look anything like it did a few years ago. Especially software that runs inside a customer environment. Dreamfactory has used Anchore and Ask Sage to achieve compliance in a record time. Reducing attack surface to keep vulnerability counts low, and configuring automation to meet those compliance requirements. After achieving compliance, they are keeping up to date with Anchore Enterprise in their CI/CD pipelines.
The CEO of Ask Sage, Nic Chaillan, the CEO of Dreamfactory Terence Bennet, and Anchore’s VP of Security Josh Bressers are going to discuss these hard problems.
In this webinar we will cover:
- The standards Dreamfactory decided to use for their compliance efforts
- How Dreamfactory used Ask Sage to collect and write up their evidence
- How Dreamfactory used Anchore Enterprise to help achieve their compliance needs
- How Dreamfactory is using automation to stay in compliance continuously
- How reducing attack surface can lower vulnerability findings
- How you can apply these principles in your own environment
When you do security right, they won’t know you’ve done anything at all!
Project management Course in Australia.pptxdeathreaper9
Project Management Course
Over the past few decades, organisations have discovered something incredible: the principles that lead to great success on large projects can be applied to projects of any size to achieve extraordinary success. As a result, many employees are expected to be familiar with project management techniques and how they apply them to projects.
https://projectmanagementcoursesonline.au/
Planetek Italia is an Italian Benefit Company established in 1994, which employs 120+ women and men, passionate and skilled in Geoinformatics, Space solutions, and Earth science.
We provide solutions to exploit the value of geospatial data through all phases of data life cycle. We operate in many application areas ranging from environmental and land monitoring to open-government and smart cities, and including defence and security, as well as Space exploration and EO satellite missions.
Ensuring Secure and Permission-Aware RAG DeploymentsZilliz
In this talk, we will explore the critical aspects of securing Retrieval-Augmented Generation (RAG) deployments. The focus will be on implementing robust secured data retrieval mechanisms and establishing permission-aware RAG frameworks. Attendees will learn how to ensure that access control is rigorously maintained within the model when ingesting documents, ensuring that only authorized personnel can retrieve data. We will also discuss strategies to mitigate risks of data leakage, unauthorized access, and insider threats in RAG deployments. By the end of this session, participants will have a clearer understanding of the best practices and tools necessary to secure their RAG deployments effectively.
Increase Quality with User Access Policies - July 2024Peter Caitens
⭐️ Increase Quality with User Access Policies ⭐️, presented by Peter Caitens and Adam Best of Salesforce. View the slides from this session to hear all about “User Access Policies” and how they can help you onboard users faster with greater quality.
Multimodal Embeddings (continued) - South Bay Meetup SlidesZilliz
Frank Liu will walk through the history of embeddings and how we got to the cool embedding models used today. He'll end with a demo on how multimodal RAG is used.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, 2014
1. Malware
Analysis
N00b to Ninja in 60 Minutes*
@grecs
NovaInfosec.com
* Most listeners do not become Ninjas in under 60 minutes.
2. Disclaimer
• Opinions expressed do not express the views
or opinions of my
– my employers
– my customers,
– my wife,
– my kids,
– my parents
– my in-laws
– my high school girlfriend from Canada
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
22. Agenda
• Introduction
• Environment
• Methodology
• Where to Learn
More
• Conclusion
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
23. Introduction
WARNING!!!
DO NOT ANALYZE MALWARE
ON PRODUCTION SYSTEMS
Security Analysts Looking to Expand Skills
beyond Event Monitoring & Basic Analysis
General Security Practitioners Interested in
Getting Started in Malware Analysis
24. Introduction
What Is Malware Analysis
• The Analysis of Malware ;)
• Reverse Engineering Malware to Understand
How It Works and What It Does
• Types
– Triage
– Dynamic Analysis
– Static Analysis
“Mastering 4 Stages of Malware Analysis” – Lenny Zeltser
25. Introduction
What Is Triage?
• Definition
– Quickie Analysis To Understand as Much as
Possible about the Malware
• Goals
– Gain Gist of What Malware Is & What Could Do
What How
Determine Basic Running Properties Automated Analysis
See If Others Found Hash Search
Analyze File Props (type, imports) PE Examination
Find Textual Clues of Activity (if packed) Strings
27. Introduction
What Is Dynamic Analysis?
• Definition
– Execute Malware & Watch What It Does
• Goals
– Acquire Understanding of How Malware Acts
What How
Sense Host Changes Registry, File, Log, … Monitoring
Uncover Runtime Properties Process Monitoring, Memory Analysis*
Reveal Network Activity TCP/UDP Monitoring (DNS, HTTP, HTTPS)
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
28. Introduction
Dynamic Analysis
• Process
– Establish Baseline of Environment
– Start Monitoring Applications & Execute Malware
– Monitor Activities & Stop Monitoring Applications
– Analyze Differences & Activity Recorded
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
30. Introduction
What Is Static Analysis?
• Definition
– Disassemble Malware Down to Computer Instructions
• Goals
– Reverse Engineer to Understand Exactly What It Does
Easy
Hard
33. Environment
Platform
• Virtual
– Efficient & Easy to Setup
– Snap-Shots to Revert Back To
– Malware Detecting VM & Terminating
– Note: Use Non-Host Connected Interface (host-
only doesn’t count)
• Physical
– VM Detection Not Possible
– Resource Intensive
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
34. Environment
Options
• Automated
– Triage Analysis Performed in Automated Environment
– Emulates User Execution of & Interaction with Malware
– Collects Artifacts on Malware Activity
• Single Box
– Triage and/or Dynamic Analysis Performed on One Machine
– Potential Risk of Malware Sabotaging
• Dual Box
– Mitigates Some Sabotage Risk
– Gateway to Simulate a Network
– Realistic External View (ports
open, network traffic)
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
35. Environment
Automated Analysis
• Online
– Malwr.com
– Norman Sandbox
– GFI Sandbox
– Anubis
– ThreatExpert.com
• In-House
– Commercial Products – e.g., Companies Above
– Open Source – e.g., Cuckoo Sandbox
– Minimum: Machine Loaded with Several AV Products
Pic here showing one online form
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
36. Environment
Automated Analysis
• Cuckoo Sandbox
– Automated Dynamic Analysis of Malware
– Data Captured
• API Calls: Trace of Relevant Win32 API Calls Performed
• Network Traffic: Dump of Traffic Generated During Analysis
• Screenshots: Taken During Analysis
• Files: Created, Deleted, and Downloaded by Malware
• Assembly Instructions: Trace of Assembly Instructions
Executed
– Setup
• Can Be Frustrating
CuckooBox: http://cuckoobox.org/
38. Environment
Single Box
• Start with Base Unpatched Win XP SP2 Box in VMware
– Similar to First Set of Post-Install Instructions for
Metasploit Unleashed
– Turn Off Automatic Updates
– Disable Alerts
• Where to Get
– eBay, NewEgg, etc.
– Windows Evals
• Current Eval: http://technet.microsoft.com/en-us/evalcenter/default
• Previous Vs: http://technet.microsoft.com/en-us/evalcenter/dn407368
• Modern IE: http://www.modern.ie/ (even Windows XP)
– AWS (servers only)
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
39. Environment
Single Box
• Install Triage Analysis Tools
– Strings
• Strings from Sysinternals (also strings2)
• BinText from McAfee
– PeStudio
– FileInsight
• Hex Editor & Analysis Tool by McAfee
40. Environment
Single Box
• Install Dynamic Analysis Tools
– Process Monitor
• Exposes File System, Registry & Process Activity that Started
During Malware Execution
– Process Explorer
• Advanced Task Manager Replacement
• Reveals Info about Handles/DLLs Processes Opened/Loaded
– WireShark (along with WinPCAP)
• Sniffer to Capture Malware-Initiated Network Traffic
– RegShot
• View Changes Malware Makes in the Registry/File System
Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653
WireShark: https://www.wireshark.org/
RegShot: http://sourceforge.net/projects/regshot/
41. Environment
Single Box
• Install Dynamic Analysis Tools (cont)
– TCPView
• Allows Detection of Malware Initiated Network
Connections
– FakeNet
• Aids Dynamic Analysis of Malicious Software
• Simulates Network so Malware Thinks Its Interacting
with Remote Hosts
• DNS, HTTP, SSL, Dummy Listener
TCPView: http://technet.microsoft.com/en-us/sysinternals/bb897437
FakeNet: http://practicalmalwareanalysis.com/fakenet/
42. Environment
Single Box
• Install Static Analysis Tools
– OllyDbg with OllyDump Plugin
• General Disassembler/Debugger for Windows Used to
Analyze Malware in Assembly
• Plugin to View Encrypted Malware When In Memory
– Specialized Tools
• PDFs: Didier Stevens’s pdfid.py & pdf-parser.py
• Flash: SWFTtools
• Others: Office, Java, JavaScript
OllyDbg: http://www.ollydbg.de/
OllyDump: http://www.openrce.org/downloads/details/108/OllyDump
Didier Stevens PDF Tools: http://blog.didierstevens.com/programs/pdf-tools/
43. Environment
Single Box - Others
• Other Ideas for Base Install or On-the-Fly
– Several AV Products
– Users of Various Permissions
– Malware Analysis Pack (FakeDNS, Right-Click Opts – MD5, strings, VT)
– CaptureBAT
• File Analysis Tools
– WinHex (restrictions under eval version; priced high for hobbyist)
– 010 Editor (30 day eval; priced high for hobbyist)
– FileAlyzer (similar to PeStudio but different capabilities)
• Forensics
– FTK Imager Lite
– Autopsy/The Sleuth Kit
– DumpIt
– Volatility
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
44. Environment
Single Box
• Baseline
– Configure VM to "Host-Only” Mode Secluded Network
• Temporarily Change to NAT to Download Malware
• Write-Once Media (e.g., CDs)
• USB Key with Physical Write-Protect Switch
– Imation USB 2.0 Clip Flash Drive
– Kanguru Flashblu 2
– Snapshot VM
• Rinse & Repeat
– Library of Different OSs at Various SPs (XP SP1, 2, & 3)
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
45. Environment
Dual Box – Fake Gateway Server
• Second Machine for Target to Connect To
– Additional Advantage of Examining Network Traffic without
Possible Malware Sabotage
– Implement Linux Server in VMware & Configure to Be Default
Route on Victim Machine
– Should Have Fixed IP Addresses
• Enable or Install Software that Provides Needed Services
– DNS: Configured to Return Fake Servers IP for All Queries
– HTTP
– IRC
– Others: DHCP, FTP, SSH
– Other Services Depending on
Goal of Analysis
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
46. Environment
Dual Box – Fake Gateway Server
• Install Network Analysis Tools
– WireShark: Records Network Traffic from Victim
– Netcat: Start Needed Ad-Hoc Services
– Nmap: Scan for Open Ports External to Victim
• Snapshot Fake Server Revert Back To
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
47. Environment
Dual Box – Fake Gateway Server
• REMnux
– Created by Lenny Zeltser
– ISO or Virtual Appliance
– Triage
• Load Malware on & Analyze
• Web-Based Malware (e.g., Malicious JavaScript, Java Programs, &
Flash Files)
• Malicious Documents (e.g., Microsoft Office & Adobe PDF files)
• Utilities for Reversing Malware through Memory Forensics
– Dynamic Analysis
• Emulate Network Services Used as Fake Gateway Server
• Emulate Services in Isolated Lab Environment
• Infects Another Laboratory System with Malware Sample
• Directs Potentially-Malicious Connections to REMnux that's Listening
on Appropriate Ports
REMnux: http://zeltser.com/remnux/
v4
52. Methodology
1. Triage Checklist
Run through External/Internal
Sandbox Services for QnD Results
• Goals: Rough Understanding of
Malware Activities
• Tools: Cuckcoo, Malwr.com, Norman,
GFI Sandbox, Anubis, ThreatExpert.com
b. MD5 Hash Comparison (can run
live is possible)
• Goals: When Compiled, Packed or
Obfuscated)
• Tools: VirusTotal.com, PeStudio, Google
Hash
c. Determine Real File Type
• UNIX “file” Command and/or TrID
• Open in FileInsight & Look for Magic
Numbers: Win Exe (MZ), PDF (%PDF),
ZIP (PK), … (more at Wikipedia)
Analyze Imports
• Goals: Discovery Interesting Libs
Malware May Be Importing (networking
APIs for non-networking app)
• Tools: PeStudio, PEView
Extract Readable Strings
• Goals: Discover Interesting Data Points
like Host Name & IP Addresses
• Tools: strings, strings2
Unpack If Needed
• Tools: OllyDump, PE Explorer (UPX built-
in)
Specialized Tools
• E.g., pdfid.py, pdf-parser.py, SWFTtools
a.
b.
c.
d.
e.
f.
e.
MASTIFF: Open Source Linux Tool Automates Much of Above
(on REMnux)
v4
53. Methodology
2. Dynamic Analysis Checklist
Establish Baseline of Environment
• Add Target Software: Reader, Java,
Flash, browsers (OldVersion.com /
OldApps.com)
• Disable Windows Firewall
• Create Snapshot if Testing Multiple
Times
Start Monitoring Apps & Execute
Malware
• Take RegShot & Start WireShark,
Process Monitor, Process Explorer,
FakeNet & TCPView
• Monitors File and Registry Access,
Network Traffic, Process Creation, etc.
• Execute Malware & Let it Run for 15
Minutes or Until Activity Dies Down
Monitor Activities & Stop Monitoring
Applications
• Watching WireShark, Process Monitor,
& TCPView for Anything Interesting
• Take Second RegShot & Stop WireShark,
Process Monitor, FakeNet
Analyze Differences & Activity
Recorded
• Compare Initial & Final RegShots
• Review All Monitoring Tool Logs
a.
b.
c.
d.
RegShot: Set Scan dir1 option to c:
54. Methodology
3. Static Analysis
• Use OllyDbg or IDA Pro to Disassemble &
Analyze Deobfuscated Malware
Just Stare at It
...
Stare Some More
...
And Some More
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
a.
b.
c.
d.
e.
57. Where to Learn More
• OpenSecurityTraining.info
– “Intro x86”
• http://opensecuritytraining.info/IntroX86.html
– “Reverse Engineering”
• http://opensecuritytraining.info/IntroductionToR
everseEngineering.html
– “Malware Dynamic Analysis
• http://opensecuritytraining.info/MalwareDynami
cAnalysis.html
– “Malware Static Analysis”
• http://opensecuritytraining.info/ReverseEngineer
ingMalware.html
• Matt Briggs & Frank Poz
• “Practical Malware Analysis” by M. Sikorski/A.
Honig
58. Where to Learn More
• Hacker Academy
– “Reverse Engineering”
• Foundation RE Material
& Concepts
• Covers Many Malware
Analysis Tech & Tools
– PE File Format
– Packers & Unpackers
– Ollydbg
– Digital Forensics
– Other Classes
• “Ethical Hacking”
• “Penetration Testing”
• “Cutting Edge”
Annual Pro Enrollment: $699
NovaInfosec.com Discount: $599
Free 30-Day Trial
http://bit.ly/grecshackerdeal
59. Where to Learn More
• Zeltser.com
– Malware Analysis Toolkit: http://zeltser.com/malware-analysis-
toolkit/
– Intro to Malware Analysis: http://zeltser.com/reverse-
malware/intro-to-malware-analysis.pdf
• Certifications: SANS GREM, EC-Council CHFI
• NIST: 800-94, 800-83, 800-61
• NovaInfosec
– Workshop Style? Here?
– Follow @grecs for Announcement
60. Where to Learn More
• MAnux
– Pre-Build VM with Cuckoo Sandbox Installed
– Future
• Dynamic Analysis Tools as Different Snapshot
• …
61. Conclusion
• Introduction
• Environment
– Platform
– Automated
– Single Box - Analysis
– Dual Box – Fake Gateway
• Methodology
– Triage
– Dynamic Analysis
– Static Analysis
• Where to Learn More
– OpenSecurityTraining.info
– NovaInfosec/Hacker Academy
– Zeltser.com
• Conclusion
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,
75. Methodology
2. Dynamic Analysis (Analysis)
• Save Logs for Future Reference
• Compare Initial & Final RegShots & Review All
Monitoring Tool Logs
c-7.
d.
Malware Analysis: N00b to Ninja in 60 Mins NovaInfosec.com@grecs,