Collaboration Between Infosec Community and CERT Teams : Project Sonar case

•Télécharger en tant que ODP, PDF•

1 j'aime•783 vues

Along with their day-to-day duties, CERT/CSIRT teams need to be aware about the security state of their subscribers/clients. My goal here is to present this initiative named "Project Sonar", started by many members of the Infosec Community. Also, i would like to present an use case in which the collaboration between the CERT/CSIRT team and the Infosec Community can be more profitable for all of us. This use case will be based on an analysis of some data provided by Project Sonar.

Technologie

Collaboration Between Infosec
Community and CERT Teams : Project
Sonar case

1

Summary
1- Intro
2- A little Flashback
3- Who is the Infosec Community ?
3- What is Project Sonar ?
4- How can it be useful for CERT/CSIRT ?
5- What can be done ?
6- Conclusion
2

INTRO
●

●

/me {
Valdes T. Nzalli | @valdesjo77
Co-Founder & Security Evangelist at
Cameroon Cyber Security
}
Cameroon Cyber Security : {
NGO Association,
Infosec Workshops, Trainings, Awareness
and Share ! | @camcybersec
www.camcybersec.cm
« Be Secure, Be Safe ! » }
3

A LITTLE FLASHBACK
Internet Census Map (Carna Botnet)

4

Who is the Infosec Community ?
●

Infosec Researchers

●

Infosec Products Builders / Vendors

●

Security Analysts worldwide

5

What is Project Sonar ?
●

Scanning Public Internet-facing Systems

●

Analyse datasets provided by Scans

●

Share result and datasets with IT Security
Community
Datasets Availables :
IPv4 TCP banners & UDP probe replies
IPv4 Reverse DNS PTR records
IPv4 SSL Certificates
6

What is Project Sonar ?
●

Public Vulnerabilities on UpnP device reveled

7

What is Project Sonar ?
Serial Console Port Services exposed
worldwide

8

What is Project Sonar ?

OpenSSH servers usage and vulnerabilities
frequency in Africa

9

How can it be useful for
CERT/CSIRT ?

10

How can it be useful for
CERT/CSIRT ?
●

Workforce reduced

●

More Specific Awareness Campaign

●

●

Improvement of the Global Cybersecurity
State
Pro-active Incident Response

11

What can be done ?
●

●

●

●

●

Working together with Infosec
Researchers/Products Builders
Define standard of communication with Infosec
Community
Grab Datasets available for « internal » usage
Analyse and use this Informations for their
customers
Also, share their information with Infosec
Community to improve global Cybersecurity
12

Conclusion
Useful Ressources :
●

●

●

●

Project Sonar free Datasets https://scans.io/
Internet Census Project
http://internetcensus2012.bitbucket.org/

Rapid7 Community : Welcome to Project Sonar
https://community.rapid7.com/community/infosec/sonar/blog/2
Additional : Shodan HQ : www.shodanhq.com

13

Contenu connexe

Similaire à Collaboration Between Infosec Community and CERT Teams : Project Sonar case

Charles Lim - Honeynet Indonesia Chapter

Indonesia Honeynet Chapter

ION Belfast - Opening Slides - Chris Grundemann

Deploy360 Programme (Internet Society)

2 s tic-rina-2020-presentatie

Eduard Grasa

Umesh nfc login application for mobile devices29th nov

Umeshjamce

TFI2014 Conference Opening - ISOC Deployment & Operationalization

Colorado Internet Society (CO ISOC)

Pistoia Alliance Sequence Services Phase 2 Overview

Pistoia Alliance

PITA Working Group Meeting on Cybersecurity: Empowering the community to enha...

APNIC

On December 13 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products” as they were being actively exploited by malicious actors. Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach and mitigate any potential damage. Join him as he discusses: -What we know about the breach so far -How his clients have responded to the incident -What to look for in your environment to see if you’ve been affected

Solar winds supply chain breach - Insights from the trenches

Infosec

The Honeynet Project Introduction

Julia Yu-Chin Cheng

AARC Assurance Profiles for Kantara Initiative

kantarainitiative

Matteo meucci Software Security - Napoli 10112016

Minded Security

ScadaLab Project

JMBALBOA

We are all now experiencing that remote working and virtual conferencing are important tools to stay connected. Not just in current circumstances but also in the wider future. That is why it is important to offer an easy-to-use, efficient, and quick replacement. Nextcloud is a platform for complete online collaboration and communication and can help to quickly adept and stay connected. Nextcloud is built by Nextcloud GmbH that has employees in home-offices in 11 countries and the Nextcloud Community which is spread all over the world. This talk gives an inside look at how Nextcloud GmbH works together with the Nextcloud community-building Nextcloud. It covers different communication channels that work for synchronous and asynchronous communication, how coordination in distributed teams works, and how good and efficient collaboration around documents is possible. Additionally, but also very important to share, this talk covers some of the challenges and solutions on how to successfully work across different countries, time zones, languages, and cultures.

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

NETWAYS

Getting Started with Splunk Breakout Session

Splunk

The Neuroinformatics community in OpenAIRE Connect (Presentation by Sorina Po...

OpenAIRE

ONF Snapshot

US-Ignite

In this video from the 2019 EasyBuild User Meeting, Kenneth Hoste from the University of Ghent presents: EasyBuild State of the Union. EasyBuild is a software build and installation framework that allows you to manage (scientific) software on HPC systems in an efficient way. It is motivated by the need for a tool that combines the following features: a flexible framework for building/installing (scientific) software fully automates software builds divert from the standard configure / make / make install with custom procedures allows for easily reproducing previous builds keep the software build recipes/specifications simple and human-readable supports co-existence of versions/builds via dedicated installation prefix and module files enables sharing with the HPC community (win-win situation) automagic dependency resolution retain logs for traceability of the build processes Learn more: https://indico.cism.ucl.ac.be/event/4/timetable/#all.detailed and https://github.com/easybuilders/easybuild Sign up for our insideHPC Events Calendar: http://insidehpc.com/newsletter

EasyBuild State of the Union

inside-BigData.com

Monitoring indonesia darknets - Revealing the unseen security intrusion

Charles Lim

Great Open Source Compliance For Everyone (Version 3)

Shane Coughlan

Why Johnny Can't Blow the Whistle

gregnorc

Similaire à Collaboration Between Infosec Community and CERT Teams : Project Sonar case (20)

Charles Lim - Honeynet Indonesia Chapter

ION Belfast - Opening Slides - Chris Grundemann

2 s tic-rina-2020-presentatie

Umesh nfc login application for mobile devices29th nov

TFI2014 Conference Opening - ISOC Deployment & Operationalization

Pistoia Alliance Sequence Services Phase 2 Overview

PITA Working Group Meeting on Cybersecurity: Empowering the community to enha...

Solar winds supply chain breach - Insights from the trenches

The Honeynet Project Introduction

AARC Assurance Profiles for Kantara Initiative

Matteo meucci Software Security - Napoli 10112016

ScadaLab Project

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

Getting Started with Splunk Breakout Session

The Neuroinformatics community in OpenAIRE Connect (Presentation by Sorina Po...

ONF Snapshot

EasyBuild State of the Union

Monitoring indonesia darknets - Revealing the unseen security intrusion

Great Open Source Compliance For Everyone (Version 3)

Why Johnny Can't Blow the Whistle

Plus de Valdes Nzalli

#OpenData DevFest18

Valdes Nzalli

Pénétration de l'Internet en Afrique : Qu'en est-il des équipements ?

Valdes Nzalli

De plus en plus d'équipements se retrouvent de nos jours connecté à Internet, la baisse des prix de la bande passante aidant, il est dorénavant plus facile d'héberger par exemple un service soit même. Mais cette croissance n'est pas la même pour les mesures de sécurité appliquées aux équipements connectés. Notre exposé aura pour but de révéler les statistiques d'un audit de l'internet en Afrique sur une durée mensuelle. Il nous a ainsi été possible d'identifier plusieurs cas comme les machines membres de botnets, des serveur ouverts au public mais non patchés et bien d'autres. De ces résultats nous avons fait un classement par pays, Application, Système,... ainsi que leur fréquence.

Etude Statistique d'un mois de Vulnérabilités en Afrique

Valdes Nzalli

Suite aux révélations sur les programmes de renseignement massif des agences Gouvernementales outre-mer en Juin dernier, les réactions de part et d'autres se sont fait entendre un peu partout et en particulier dans la sphère Internet Africaine. Cette Etude est une enquête sur les issues générées par cet état de choses ; notamment savoir quelles ont été les mesures mises en place par les gouvernements, Entreprises et Internautes Africains pour ce prémunir de ce phénomène. Par ailleurs, il sera question de savoir quel est l'impact et l'efficacité des mesures prises par les uns et les autres. Sont-elle efficientes?! comment peuvent-elle être améliorée ? sont là les questions qui trouverons réponses au cours de cet exposé.

Internet et Vie Privée Analyse des comportements en Afrique après PRISM

Valdes Nzalli

Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1

Valdes Nzalli

Valdes cyberguerre-barcamp2012

Valdes Nzalli

Valdes securite des application - barcamp2012

Valdes Nzalli

Government can save millions by reforming Security Policy

Valdes Nzalli

Cercle gt f-ssi_white_paper_finale5

Valdes Nzalli

Rapport GEULLIC du 24-04-2011

Valdes Nzalli

Logiciels libres cameroun m1

Valdes Nzalli

Presentation communaute (Cahier de Charg

Valdes Nzalli

Plus de Valdes Nzalli (12)

#OpenData DevFest18

Pénétration de l'Internet en Afrique : Qu'en est-il des équipements ?

Etude Statistique d'un mois de Vulnérabilités en Afrique

Internet et Vie Privée Analyse des comportements en Afrique après PRISM

Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1

Valdes cyberguerre-barcamp2012

Valdes securite des application - barcamp2012

Government can save millions by reforming Security Policy

Cercle gt f-ssi_white_paper_finale5

Rapport GEULLIC du 24-04-2011

Logiciels libres cameroun m1

Presentation communaute (Cahier de Charg

Dernier

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Evaluating the top large language models.pdf

ChristopherTHyatt

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Dernier (20)

08448380779 Call Girls In Civil Lines Women Seeking Men

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Boost PC performance: How more available memory can improve productivity

Driving Behavioral Change for Information Management through Data-Driven Gree...

Strategies for Landing an Oracle DBA Job as a Fresher

[2024]Digital Global Overview Report 2024 Meltwater.pdf

🐬 The future of MySQL is Postgres 🐘

GenAI Risks & Security Meetup 01052024.pdf

How to Troubleshoot Apps for the Modern Connected Worker

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Evaluating the top large language models.pdf

Exploring the Future Potential of AI-Enabled Smartphone Processors

Presentation on how to chat with PDF using ChatGPT code interpreter

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

The 7 Things I Know About Cyber Security After 25 Years | April 2024

presentation ICT roal in 21st century education

Partners Life - Insurer Innovation Award 2024

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Artificial Intelligence: Facts and Myths

Collaboration Between Infosec Community and CERT Teams : Project Sonar case

1. Collaboration Between Infosec Community and CERT Teams : Project Sonar case 1

2. Summary 1- Intro 2- A little Flashback 3- Who is the Infosec Community ? 3- What is Project Sonar ? 4- How can it be useful for CERT/CSIRT ? 5- What can be done ? 6- Conclusion 2

3. INTRO ● ● /me { Valdes T. Nzalli | @valdesjo77 Co-Founder & Security Evangelist at Cameroon Cyber Security } Cameroon Cyber Security : { NGO Association, Infosec Workshops, Trainings, Awareness and Share ! | @camcybersec www.camcybersec.cm « Be Secure, Be Safe ! » } 3

4. A LITTLE FLASHBACK Internet Census Map (Carna Botnet) 4

5. Who is the Infosec Community ? ● Infosec Researchers ● Infosec Products Builders / Vendors ● Security Analysts worldwide 5

6. What is Project Sonar ? ● Scanning Public Internet-facing Systems ● Analyse datasets provided by Scans ● Share result and datasets with IT Security Community Datasets Availables : IPv4 TCP banners & UDP probe replies IPv4 Reverse DNS PTR records IPv4 SSL Certificates 6

7. What is Project Sonar ? ● Public Vulnerabilities on UpnP device reveled 7

8. What is Project Sonar ? Serial Console Port Services exposed worldwide 8

9. What is Project Sonar ? OpenSSH servers usage and vulnerabilities frequency in Africa 9

10. How can it be useful for CERT/CSIRT ? 10

11. How can it be useful for CERT/CSIRT ? ● Workforce reduced ● More Specific Awareness Campaign ● ● Improvement of the Global Cybersecurity State Pro-active Incident Response 11

12. What can be done ? ● ● ● ● ● Working together with Infosec Researchers/Products Builders Define standard of communication with Infosec Community Grab Datasets available for « internal » usage Analyse and use this Informations for their customers Also, share their information with Infosec Community to improve global Cybersecurity 12

13. Conclusion Useful Ressources : ● ● ● ● Project Sonar free Datasets https://scans.io/ Internet Census Project http://internetcensus2012.bitbucket.org/ Rapid7 Community : Welcome to Project Sonar https://community.rapid7.com/community/infosec/sonar/blog/2 Additional : Shodan HQ : www.shodanhq.com 13

Collaboration Between Infosec Community and CERT Teams : Project Sonar case

Recommandé

Recommandé

Contenu connexe

Similaire à Collaboration Between Infosec Community and CERT Teams : Project Sonar case

Similaire à Collaboration Between Infosec Community and CERT Teams : Project Sonar case (20)

Plus de Valdes Nzalli

Plus de Valdes Nzalli (12)

Dernier

Dernier (20)

Collaboration Between Infosec Community and CERT Teams : Project Sonar case