YOROI company profile
November 26 2016 CodeMotion Milan
Marco Ramilli
Cyber Analysts:
who they are,
what they do,
where they are !
Agenda:
- Cyber Analysts: who they are!
- Cyber Analysts: what they do!
- Cyber Analysts: where they are!
Today’s Host
● PhD in Bologna Joint UCDavis
○ Cyber Security, Penetration Testing US Voting Machines
○ Books and Publications
● NIST
○ OEVT
○ Penetration Testing methodologies to help US Democracy
● Palantir
○ Product Company
○ Intelligence Company
● Yoroi
○ One of the most extraordinary cyber security companies founded in Europe (Hakin9)
Who they are!
Nowadays this is not a trivial topic:
● Deep Learning Machines
● Cognitive Computing
● Machine Learning Algorithms
● Neural Networks
These technologies undermine the human side of Cyber Security Analysis.
But could that technology really take away the human side of this job?
Who they are!
Dark Avenger Mutation Algorithm (1993)
It could produce some decryptor cases that appeared only in about 5% or less of all cases. However, the engine had a couple of minor limitations that were enough to detect the virus reliably using an instruction size disassembler and a state machine. In fact, there is only one constant byte in an MtE decryptor, the 0x75 (JNZ), which is followed by a negative offset—and even that is placed at a variable location (at the end of the decryptor, whose length is not constant).
Who they are!
Super Simple Malware Evasion Technique.
Credits: https://www.exploit-db.com/34591
Who they are!
Red Pill Approach
Credits: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
What they do!
● Day 1, Morning. A phone call (from the IT department) saying a server is performing weird network requests.
● Day 1, Afternoon. A VMware image is sent to the Cyber Analyst's email box
he's gotta run!
What they do!
Apport -> intercepts crashes right when they happen the first time, gathers system information and sends stack traces and other useful information back to developers to fix the crash
package-data-downloader -> used by software installers such as dpkg and apt.
What they do!
SubProcess … Why ?
/usr/bin/lls … What ?
What they do!
Connect to 198.216.87.22 ?
What they do!
Ok, let’s intercept what it sends to 198 !
On the client side in the meanwhile ...
Oh boy… really ?
What they do!
Ok, we've got password exfiltration on every crash dump and every software update, and machine control since SSH is available.
But how do they trigger persistence on a server?
Maybe attackers trigger crashes from outside?
What they do!
Et Voilà ! CVE-2014-3583
What they do!
Ok, we know quite a lot about the intrusion, even how they get persistence...
But why did the user report a “strange behavior”?
Maybe attackers needed such a server as a pivot server?
Oh..Oh !!
What they do!
Here we go !
A nice SEH buffer overflow on Windows
We need to ask for another server image ….. :D
Ok not today...
What they do!
It was a quite original way to
penetrate a system… is it a new
fancy opportunistic way ?
What they do!
How did “lls” land here?
What they do!
Only 5 iterations ? - Let’s check it out !
What they do!
A simple reminder on Linux passwords:
● schema: $id$salt$hashed
○ $1$ -> MD5
○ $2a$ -> Blowfish
○ $2y$ -> Blowfish (8-bit chars)
○ $5$ -> SHA-256
○ $6$ -> SHA-512
● !: account is password locked
● *: account is locked
● !!: no password set (RedHat)
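The field layout from this slide as a small audit script; this is an added example, not part of the original deck. The function names, the constructed sample entries and the 5000-round threshold are assumptions of the example, and it goes slightly beyond the slide's simplified schema by also handling the `rounds=N` prefix of SHA-crypt and the cost field of bcrypt.

```python
# Added example: classify the password field of /etc/shadow entries.
# Scheme ids exactly as listed on the slide.
SCHEMES = {
    "1": "MD5",
    "2a": "Blowfish",
    "2y": "Blowfish (8-bit chars)",
    "5": "SHA-256",
    "6": "SHA-512",
}
WEAK_IDS = {"1"}  # assumption of this example: report MD5-crypt as weak


def parse_hash(field):
    """Split '$id$salt$hashed' into its parts; None if not in that form."""
    parts = field.split("$")
    if len(parts) < 4 or parts[0] != "":
        return None
    scheme_id, rest = parts[1], parts[2:]
    info = {"id": scheme_id, "scheme": SCHEMES.get(scheme_id, "unknown"),
            "work_factor": None}
    if scheme_id.startswith("2"):
        # bcrypt: $2a$cost$ followed by 22 chars of salt, then the hash
        if len(rest) != 2 or not rest[0].isdigit():
            return None
        info["work_factor"] = int(rest[0])
        info["salt"], info["hash"] = rest[1][:22], rest[1][22:]
        return info
    if scheme_id in ("5", "6") and rest[0].startswith("rounds="):
        # SHA-crypt may carry an explicit round count: $6$rounds=N$salt$hash
        rounds = rest[0][len("rounds="):]
        if not rounds.isdigit():
            return None
        info["work_factor"] = int(rounds)
        rest = rest[1:]
    if len(rest) != 2:
        return None
    info["salt"], info["hash"] = rest
    return info


def classify_field(field):
    """Map one password field to the states named on the slide."""
    if field == "":
        return {"state": "empty", "hash": None}
    if field == "!!":
        return {"state": "no password set", "hash": None}
    if field == "*":
        return {"state": "locked", "hash": None}
    if field.startswith("!"):
        # '!' may stand alone or be prefixed to a retained hash
        return {"state": "password locked",
                "hash": parse_hash(field.lstrip("!"))}
    parsed = parse_hash(field)
    return {"state": "active" if parsed else "unrecognised", "hash": parsed}


def audit_shadow(text, min_sha_rounds=5000):
    """Return {user: {state, scheme, work_factor, flags}} for shadow text."""
    report = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        entry = classify_field(fields[1])
        h, flags = entry["hash"], []
        if entry["state"] == "empty":
            flags.append("empty password field")
        if h and h["id"] in WEAK_IDS:
            flags.append("weak scheme: " + h["scheme"])
        if (h and h["id"] in ("5", "6") and h["work_factor"] is not None
                and h["work_factor"] < min_sha_rounds):
            flags.append("rounds below %d" % min_sha_rounds)
        report[fields[0]] = {
            "state": entry["state"],
            "scheme": h["scheme"] if h else None,
            "work_factor": h["work_factor"] if h else None,
            "flags": flags,
        }
    return report


# Constructed sample entries; salts and hashes are placeholders, not real.
SAMPLE_SHADOW = """\
root:$6$rounds=1000$CONSTRUCTEDsalt$CONSTRUCTEDhashAAAA:17131:0:99999:7:::
alice:$1$CONSTsal$CONSTRUCTEDhashBBBB:17131:0:99999:7:::
bob:!$6$CONSTRUCTEDsalt$CONSTRUCTEDhashCCCC:17131:0:99999:7:::
www-data:*:17131:0:99999:7:::
newuser:!!:17131:0:99999:7:::
svc:$2y$10$CONSTRUCTEDsaltAAAAAAACONSTRUCTEDhashDDDDDDDDDDDDDDDD:17131:0:99999:7:::
"""

if __name__ == "__main__":
    for user, row in audit_shadow(SAMPLE_SHADOW).items():
        print(user, row)
```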
Where they are!
● Unfortunately there is no full learning path to become a Cyber Security Analyst so far.
● There are a lot of classes on:
○ Reverse Engineering
○ Firmware Analysis
○ Forensic Analysis
○ Penetration Testing
○ Vulnerability Assessments
○ Secure Policy Assessment
○ . . . . .
● But a Cyber Security Analyst should be able to perform each of
these actions + human interactions + strategic thinking +
organization chart knowledge + problem solving
We are Hiring !
www.yoroi.company

Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 

Dernier

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Dernier (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Cyber Analysts: who they are, what they do, where they are - Marco Ramilli - Codemotion Milan 2016

  • 1. November 26 2016, CodeMotion Milan, Marco Ramilli
  • 2. Cyber Analysts: who they are, what they do, where they are!
  • 3. Agenda:
      - Cyber Analysts: who they are!
      - Cyber Analysts: what they do!
      - Cyber Analysts: where they are!
  • 4. Today’s Host
      ● PhD in Bologna Joint UCDavis
          ○ Cyber Security, Penetration Testing US Voting Machines
          ○ Books and Publications
      ● NIST
          ○ OEVT
          ○ Penetration Testing methodologies to help US Democracy
      ● Palantir
          ○ Product Company
          ○ Intelligence Company
      ● Yoroi
          ○ One of the most extraordinary cyber security companies founded in Europe (Hakin9)
  • 5. Who they are! Nowadays this is not a trivial topic:
      ● Deep Learning Machines
      ● Cognitive Computing
      ● Machine Learning Algorithms
      ● Neural Networks
    These undermine the human side of Cyber Security Analysis. But could that technology really take away the human side of this job?
  • 6. Who they are! Dark Avenger Mutation Algorithm (1993). It could produce some decryptor cases that appeared only in about 5% or less of all cases. However, the engine had a couple of minor limitations that were enough to detect the virus reliably using an instruction size disassembler and a state machine. In fact, there is only one constant byte in an MtE decryptor, the 0x75 (JNZ), which is followed by a negative offset—and even that is placed at a variable location (at the end of the decryptor, whose length is not constant).
  • 7. Who they are! Super Simple Malware Evasion Technique. Credits: https://www.exploit-db.com/34591
  • 8. Who they are! Red Pill Approach. Credits: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
  • 10. What they do!
      ● Day 1, Morning. A phone call (from the IT department) saying a server is performing weird network requests.
      ● Day 1, Afternoon. A VMware image is sent to the Cyber Analyst's email box; he's gotta run!
  • 11. What they do!
      Apport -> Intercepts crashes right when they happen the first time, gathers system information and sends stack traces and useful info back to developers to fix the crash.
      package-data-downloader -> used by software installers such as dpkg and apt.
  • 12. What they do! SubProcess … Why? /usr/bin/lls … What?
  • 13. What they do! SubProcess … Why? /usr/bin/lls … What?
  • 16. What they do! Connect to 198.216.87.22?
  • 17. What they do! Ok, let’s intercept what it sends to 198! On the client side in the meantime ... Oh boy… really?
  • 19. What they do! Ok, we’ve got password exfiltration on every crash dump and every software update, and machine control since ssh is available. But how do they trigger persistence on a server? Maybe attackers trigger crashes from outside?
  • 20. What they do! Et Voilà! CVE-2014-3583
  • 21. What they do! Ok, we know pretty much a lot of things about the intrusion, even how they get persistence... But why did the user report a “strange behavior”? Maybe attackers needed such a server as a pivot server? Oh..Oh!!
  • 22. What they do! Here we go! A nice SEH BOverflow on Windows. We need to ask for another server image ….. :D Ok not today...
  • 23. What they do! It was a quite original way to penetrate a system… is it a new fancy opportunistic way?
  • 25. What they do! How did “lls” land here?
  • 26. What they do! Only 5 iterations? - Let’s check it out!
  • 27. What they do! A simple reminder on Linux passwords:
      ● schema: $id$salt$hashed
          ○ $1$ -> MD5
          ○ $2a$ -> Blowfish
          ○ $2y$ -> Blowfish (8-bit chars)
          ○ $5$ -> SHA-256
          ○ $6$ -> SHA-512
      ● !: account is password locked
      ● *: account is locked
      ● !!: no password set (RedHat)
  • 30. Where they are!
      ● Unfortunately there is not a full learning path to become a Cyber Security Analyst so far.
      ● There are a lot of classes on:
          ○ Reverse Engineering
          ○ Firmware Analysis
          ○ Forensic Analysis
          ○ Penetration Testing
          ○ Vulnerability Assessments
          ○ Secure Policy Assessment
          ○ . . . . .
      ● But a Cyber Security Analyst should be able to perform each of these actions + human interactions + strategic thinking + organization chart knowledge + problem solving
  • 32. We are Hiring! www.yoroi.company
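
The Linux password reminder on slide 27 can be turned into a small triage helper for the shadow file of a seized server image. This is an added example, not code from the talk: the function names, the `review` policy and the sample entries are constructed for illustration, and it goes slightly beyond the slide by also handling the optional `rounds=` field, a `!` prefix in front of a kept hash, the bcrypt cost field and the empty password field.

```python
# Added example: classify /etc/shadow password fields with the slide's tables.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish (8-bit chars)",
           "5": "SHA-256", "6": "SHA-512"}      # $id$ -> algorithm (slide 27)
MARKERS = {"!": "account is password locked", "*": "account is locked",
           "!!": "no password set (RedHat)"}    # whole-field markers (slide 27)

# Constructed sample entries; salts and digests are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$rounds=5000$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:17000:0:99999:7:::
alice:$1$saltsalt$CONSTRUCTEDDIGEST:17000:0:99999:7:::
bob:!$6$saltsalt$CONSTRUCTEDDIGEST:17000:0:99999:7:::
svc:$2y$10$CONSTRUCTEDSALT22CHARSCONSTRUCTEDDIGEST:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
newuser:!!:17000:0:99999:7:::
guest::17000:0:99999:7:::
"""


def classify_field(field):
    """Describe one shadow password field (the second ':'-separated column)."""
    info = {"state": "active", "scheme": None, "salt": None, "cost": None}
    if field in MARKERS:
        info["state"] = MARKERS[field]
        return info
    if field == "":
        # Beyond the slide: an empty field means no password is required.
        info["state"] = "empty password"
        return info
    # Beyond the slide: locking tools prepend '!' and keep the old hash.
    body = field.lstrip("!")
    if body != field:
        info["state"] = "password locked (hash kept)"
    parts = body.split("$")
    # Well-formed: '', id, then at least two more '$'-separated fields.
    if len(parts) < 4 or parts[0] != "" or parts[1] not in SCHEMES:
        info["scheme"] = "unrecognised"
        return info
    info["scheme"], rest = SCHEMES[parts[1]], parts[2:]
    if parts[1] in ("2a", "2y"):
        # bcrypt: a cost field, then 22 salt characters fused with the digest.
        info["cost"] = int(rest[0]) if rest[0].isdigit() else None
        info["salt"] = rest[1][:22]
    else:
        # sha-crypt may carry an optional 'rounds=N' field before the salt.
        if rest[0].startswith("rounds=") and rest[0][7:].isdigit():
            info["cost"], rest = int(rest[0][7:]), rest[1:]
        info["salt"] = rest[0]
    return info


def audit_shadow(text):
    """Map account name -> classification, plus an example 'review' flag."""
    report = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or line.lstrip().startswith("#"):
            continue
        info = classify_field(fields[1])
        # Example policy (an assumption, not from the talk): review accounts
        # with an empty password, or a usable MD5 / unrecognised hash.
        info["review"] = info["state"] == "empty password" or (
            info["state"] == "active"
            and info["scheme"] in ("MD5", "unrecognised"))
        report[fields[0]] = info
    return report


if __name__ == "__main__":
    for user, info in audit_shadow(SAMPLE_SHADOW).items():
        print(user, info)
```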