SlideShare une entreprise Scribd logo

The Library of Sparta

Lancope, Inc.
Lancope, Inc.

On today's increasingly militarized Internet, companies, non-profits, activists, and individual hackers are forced to melee with nation-state class adversaries. Just as one should never bring a knife to a gunfight, a network defender should not rely on tired maxims such as “perimeter defense” and “defense in depth”. Today’s adversaries are well past that. This webinar provides: - Key insights into what we call the Library of Sparta - the collective written expertise codified into military doctrine. Hidden in plain sight, vast free libraries contain the time-tested wisdom of combat at the tactical, operational, and strategic levels. - Better understanding on how adversaries will target your organization, and it will help you to employ military processes and strategies in your defensive operations. - Provide you with new approaches and examples about how to translate and employ doctrinal concepts in your current operations.

Technologie
1  sur  41
Télécharger pour lire hors ligne
The Library of Sparta David Raymond Greg Conti Tom Cross http://upload.wikimedia.org/wikipedia/commons/0/08/Jean-Jacques-Fran%C3%A7ois_Le_Barbier_-_A_Spartan_Woman_Giving_a_Shield_to_Her_Son.jpg 0
Why, So What, and Who Cares… You used to be fighting individuals . . . now you are defending yourselves against nation-states 1
On the Internet, the offense has all the cards 2
Foundations of Military Doctrine Everything in war is very simple. But the simplest thing is difficult. - Karl Von Clausewitz 3
Sources of Military Thought ● Military Theorists ● Doctrinal Manuals ● Print and Online Journals § Small Wars Journal § Parameters § Military Review § SIGNAL § … many more ● Policies 4
An Anathema to Some “The most difficult thing about planning against the Americans, is that they do not read their own doctrine, and they would feel no particular obligation to follow it if they did.” Admiral Sergey Gorshkov Commander, Soviet Naval Forces, 1956 - 1985 5
Kill Chain Find Fix Track Target Engage Assess ● US Air Force targeting methodology dating to late 1990’s ● Also referred to by clever acronym: F2T2EA "In the first quarter of the 21st century,it will become possible to find, fix or track, and target anything that moves on the surface of the Earth." GEN Ronald R. Fogleman, USAF Chief of Staff October 1996 6
Cyber Kill Chain ● Cyber Kill Chain first proposed in a 2010 Lockheed-Martin whitepaper: “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”, by Hutchins, et. al. *Image source: NoVA Infosec, “Cyber Kill Chain 101.” May 2013, https://www.novainfosec.com/2013/05/29/cyber-kill-chain-101/ 7
The Value of the Kill Chain ● Drives the defender to take a comprehensive view of the lifecycle of an attack rather than focusing on a single stage. ● Provides a framework for organizing artifacts of an attack collected during an investigation. ● Turns asymmetry on its head – the attacker must remain covert through each stage of their operation – each stage presents the defender with an opportunity to detect the attack. 8
Cyber Terrain Analysis (OCOKA) ● Observation and Fields of Fire What portions of my network can be seen from where? ● Cover and Concealment What can I hide from observation? ● Obstacles How can I make my network harder to attack? ● Key Terrain Cyber terrain that can provide a ‘marked advantage’ ● Avenues of Approach Don’t just think of routers and cables . . . 9
Cyberspace Planes and Cyber Terrain ● Supervisory plane o Command and Control ● Cyber persona plane o Persons or ‘accounts’ ● Logical plane further divided into top 6 OSI layers (data link – application) o Operating system and application programs o Services – web, email, file systems o Logical network protocols ● Physical plane == OSI PHY layer (layer 1) o Network devices – switches, routers ● Geographic plane == physical location o Location in which an info system resides Most references to cyber terrain consider only the physical plane. For more on cyber terrain and cyber key terrain, see Raymond, et. al, “Key Terrain in Cyberspace: Seeking the High Ground,” in 6th Annual NATO Conference on Cyber Conflict, Tallinn, Estonia, June 2014. 10
Leveraging Cyber Key Terrain An approach to leveraging key terrain emerges from considering the terrain analysis as an attacker and as a defender. As a defender: o Identify Potentially Targeted Assets o Enumerate Avenues of Approach o Consider Observation and Fields of Fire o Place Obstacles, Cover, and Concealment 11
Observation and Fields of Fire What does an attacker need access to in order to observe or attack a particular interface associated with a potentially targeted asset? This is an iterative analysis. For example, if the attacker needs access to a particular network in order to reach a critical asset, how can that network, in turn, be accessed? It is through this iterative analysis that a picture of Key Terrain begins to emerge, which include highly interconnected resources as well as resources with connectivity to critical assets. Its important to consider terrain that your organization doesn’t control – attacks on supply chain integrity, waterhole attacks, etc… 12
Lessons from Cyber Terrain Analysis ● Battlefield Terrain Analysis maps fairly closely to the sort of analysis that network security people perform when thinking about a network’s exposures. ● Defenders know the terrain they are defending – attackers must discover it through iterative reconnaissance. ● Defenders can exploit an attacker’s lack of knowledge of the terrain. 13
Denial* ● Denial includes those measures designed to hinder or deny the enemy the knowledge of an object, by hiding or disrupting the means of observation of the object. ● The basis of denial is dissimulation, the concealing of the truth. * Counterdeception Principles and Applications for National Security, Bennett & Waltz 14
Deception* ● Deception is actions executed to deliberately mislead adversary military, paramilitary, or violent extremist organization decision makers, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission. ● The basis of deception is simulation, the presentation of that which is false. * JP 3-13.4, Military Deception, 26 January 2012, available at https://publicintelligence.net/jcs-mildec/ 15
Network Denial & Deception On the Internet, there is no way to tell whether or not something is actually real. ● Denial o Hidden file systems o Real services on unusual ports ● Deception o Fake database records (Canaries) o Fake employees or user accounts o Phoney systems and services Remember - what is important to you isn’t necessarily what is important to your adversary. 16
Exploiting the Human ● It is often observed that the human is the weakest link in any network defense. ● Often, the human is also the weakest link in any network offense. ● What are you doing in your network defense to exploit the human behind the attacks that are targeting you? 17
Operations Security (OPSEC)* ● The OPSEC process is a systematic method used to identify, control, and protect critical information and subsequently analyze friendly actions associated with military operations. ● The purpose of operations security (OPSEC) is to reduce the vulnerability of US and multinational forces from successful adversary exploitation of critical information. OPSEC applies to all activities that prepare, sustain, or employ forces. ● There is an entire Joint Publication on OPSEC... Joint Publication 3-13.3 * JP 3-13.3, Operations Security, 4 January 2012, available at https://publicintelligence.net/jcs-opsec/ 18
So How Can Good OPSEC Help Me? Attackers: ● Secrecy of the fact of the operation o Avoiding detection o When detected, appear to be something else ● Secrecy of information about the operation o Protect details of the operation o Prevent defenders who are aware of the operation from being able to stop it o C&C addresses, vulnerabilities, malware samples, etc… ● Secrecy of the identity of the operators o Prevent defenders from directly striking the attacker o Is it possible to connect aspects of your operation to your real identity and location? 19
Operation Tovar 20
So How Can Good OPSEC Help Me? Defenders: ● What can attackers learn about your organization through open sources? o Material for Spear Phishing attacks o Aspects of your Information Security Program o What products do you use? o What do your IT staff say on their resumes, linkedin profiles, and twitter accounts? ● Its hard for large commercial organizations to maintain good OPSEC - focus on the most important secrets. 21
The OPSEC Process from JP3-13.3 1. Identification of Critical Information What are you trying to protect? 2. Analysis of Threats Who is trying to get it? 3. Analysis of Vulnerabilities How might they get to it? 4. Assessment of Risk Risk=threat X vulnerability; what are you willing to accept? 5. Application of Appropriate Operations Security Countermeasures Plug the holes! 22
What is Threat Intelligence? 00dbb9e1c09dbdafb360f3163ba5a3de 00f24328b282b28bc39960d55603e380 0115338e11f85d7a2226933712acaae8 0141955eb5b90ce25b506757ce151275 0149b7bd7218aab4e257d28469fddb0d 016da6ee744b16656a2ba3107c7a4a29 01e0dc079d4e33d8edd050c4900818da 024fd07dbdacc7da227bede3449c2b6a 0285bd1fbdd70fd5165260a490564ac8 02a2d148faba3b6310e7ba81eb62739d 02c65973b6018f5d473d701b3e7508b2 034374db2d35cf9da6558f54cec8a455 03ae71eba61af2d497e226da3954f3af 0469a42d71b4a55118b9579c8c772bb6 0496e3b17cf40c45f495188a368c203a 04a7b7dab5ff8ba1486df9dbe68c748c 04e83832146034f9797d2e8145413daa 04f481d6710ac5d68d0eacac2600a041 0501bb10d646b29cab7d17a8407010d9 0522e955aaee70b102e843f14c13a92c 052ec04866e4a67f31845d656531830d 0545a524a6bb0b042f4b00da53fec948 05552a77620933dd80f1e176736f8fe7 0583f58ac3d804d28cd433d369b096b8 0588ffa0a244a2c4431c5c4faac60b1f aoldaily.com aolon1ine.com applesoftupdate.com arrowservice.net attnpower.com aunewsonline.com avvmail.com bigdepression.net bigish.net blackberrycluter.com blackcake.net bluecoate.com booksonlineclub.com bpyoyo.com businessconsults.net businessformars.com busketball.com canadatvsite.com canoedaily.com chileexe77.com cnndaily.com cnndaily.net cnnnewsdaily.com 12.38.236.32 71.6.141.230 72.240.45.65 203.231.234.23 202.64.109.187 223.25.233.36 23
Doctrinal Definition of Intelligence ● Joint Publication 2-0, Joint Intelligence*: “The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations.” ● In practice, it is a thorough analysis and understanding of the threat’s capabilities, strategy, and tactics and how they can be used on the cyber terrain comprising your operational environment. * Definition from JP 2-0, Joint Intelligence, 22 October 2013, available at http://www.dtic.mil/doctrine/index.html 24
The Intelligence Cycle Planning and direction Collection Processing and exploitation Analysis and production Dissemination and integration Evaluation and feedback Nothing is more worthy of the attention of a good general than the endeavor to penetrate the designs of the enemy. Niccolò Machiavelli Discourses, 1517 25 http://armypubs.army.mil/doctrine/DR_pubs/dr_a/pdf/adrp2_0.pdf
Characteristics of Effective Intelligence Information Quality Criteria ● Accuracy ● Timeliness ● Usability ● Completeness ● Precision ● Reliability Additional Criteria ● Relevant ● Predictive ● Tailored Commanders’ Considerations include Reducing operational uncertainty Determine appropriate balance between time alloted for collection and operational necessity Prioritize finite resources and capabilities, including network bandwidth Employing internal and supporting intel assets as well as planning, coordinating, and articulating requirements to leverage the entire intelligence enterprise. 26 http://armypubs.army.mil/doctrine/DR_pubs/dr_a/pdf/adrp2_0.pdf
Tactics, Techniques, and Procedures (TTPs) Tactics - The employment and ordered arrangement of forces in relation to each other Techniques - Non-prescriptive ways or methods used to perform missions, functions, or tasks Procedures - Standard, detailed steps that prescribe how to perform specific tasks The term TTP is used to refer broadly to the actions that one might take in a particular problem domain. 27 * JP 1-02, DoD Dictionary of Military and Associated Terms, 8 Nov. 2010, available at http://www.dtic.mil/doctrine/
Risk Analysis Intel Gain/Loss Calculus ● You’ve discovered an attacker in your network. You could kick them out, but they’d notice that. ● How do you decide when to kick them out and when to let them continue? ● Counter-intuitively, the risk of allowing them to continue increases the more that you know about them. 28
The OODA Loop ● COL John Boyd, USAF ● Writings can be found at http://dnipogo.org/john-r-boyd/, provided by the Project on Government Oversight 29 Image from http://crossvale.com/blog/boiling-ocean-analysis-paralysis-and-ooda-loop
Simplified OODA in the Context of Time ● Intelligence o Observation o Orientation ● Execution o Decision o Action 30
OODA for Cyber Security Conflict: Red vs. Blue Spin your loop faster than your adversary 31
OODA Loop Summary* ● Observation and Orientation (OO) increases your perceptive boundaries. Superior Situational Awareness ● Sampling Rate of the OO is relative to the rate of change Fast enough to represent change ● Decision and Actions raise the cost to your adversaries’ Observation/Orientation ● Operate at a faster tempo or rhythm than our adversaries Ultimately you are making it more expensive for the adversary to operate and hide 32 * TK Keanini - The OODA Loop: A Holistic Approach to Cyber Security - https://www.youtube.com/watch?v=RBv82THpBVA
Targeting Targeting: The process of selecting and prioritizing targets and matching the appropriate response to them. Target: An entity or object considered for possible engagement or action . . . to support commander’s objectives. Purpose: integrate and synchronize fires into joint operations. Joint Publication 3-60 Joint Targeting http://www.dtic.mil/doctrine/new_pubs/jointpub_operations.htm Army FM 3-60 The Targeting Process http://armypubs.army.mil/doctrine/DR_pubs/dr_a/pdf/fm3_60.pdf 33
What is Targeting good for? ● Targeting is a continuous cycle that begins with an analysis of the effects the commander wants to achieve ● Can be lethal or “non-lethal” Effects might include o Deceive o Degrade o Destroy o Influence ● Gives commanders a continuous process to influence their battlespace Targeting Methodology DECIDE Scheme of Maneuver/Fires, High- Payoff Target List DETECT Execute Intelligence Collection Plan DELIVER Execute Attack Guidance Matrix ASSESS Combat Assessment 34
How Does This Apply to Cyber Ops? Computer-based effects can be used as part of, or instead of, lethal military action. ● Israeli cyber attack on Syrian air defense systems (2007) ● Russia’s coordinated virtual attack and physical invasion of Georgia (2008) ● Stuxnet (2010) 35
Resources on Foreign Doctrine and Strategy: China ● Timothy Thomas’ trilogy and Chinese Information Warfare doctrine, published by the Army’s Foreign Military Studies Office at Fort Leavenworth. o Dragon Bytes, 2003 o Decoding the Virtual Dragon, 2007 o The Dragon’s Quantum Leap, 2009 ● Liang, Qiao and Xiangsui, Wang. Unrestricted Warfare. Summaries and translations abound on the web; extensively covered in Thomas’ Chinese IW trilogy. 36
More Foreign Doctrine and Strategy: Russia Russian Military Publications: ● “Doctrine of Information Security of the Russian Federation” (2000) ● “Conceptual Views on the Activity of the Russian Federation Armed Forces in Information Space” (2011) American Foreign Policy Council’s Defense Dossier: ● “How Russia Harnesses Cyberwarfare,” by David J. Smith. 37
Great Resources for More Information DoD and Military Branch doctrine: ● Intelligence and Security Doctrine (including DoD and all military branches) Federation of American Scientists’ Intelligence Resource Program http://www.fas.org/irp/doddir ● DOD Dictionary. http://www.dtic.mil/doctrine/dod_dictionary/ ● Joint Doctrine. http://www.dtic.mil/doctrine/doctrine/ ● Army Doctrine. http://armypubs.army.mil/doctrine/Active_FM.html Publications: ● Small Wars Journal: http://smallwarsjournal.com (all online content) ● Military review: http://militaryreview.army.mil (online and print) ● Parameters: http://strategicstudiesinstitute.army.mil/pubs/parameters (online and print). US Army War College quarterly journal. ● Army Branch Magazines (Armor magazine, Infantry magazine, Artillery magazine, ArmyAviation magazine, etc. ● Combined Arms Research Digital Library: http://cgsc.contentdm.oclc.org 38
More resources Military Theorists: ● Clausewitz, Carl von. On War, [available at www.clausewitz.com], 1832 ● Jomini, Antoine Henri. The Art of War, [available at www.gutenberg.org], 1862 ● Mitchell, William. Winged Defense: The Development and Possibilities of Modern Air Power--Economic and Military. The University of Alabama Press, Tuscaloosa, AL. 1925 ● Coram, Robert. Boyd: The Fighter Pilot Who Changed the Art of War. Little, Brown and Company, 2002 ● Mao Zedong. On Guerilla Warfare, [Online]. Available at http://www.marxists.org/, 1937 ● Mahan, Alfred Thayer. The Influence of Sea Power Upon History: 1660 - 1783, Little, Brown and Co. 1890 ● Lots more . . . 39
Yet more . . . Conferences: ● NATO Conference on Cyber Conflict (CyCon): http://ccdcoe.org/cycon/home.html ● IEEE/AFCEA Annual Military Communications Conference (MILCON): http://www.milcom.org/ Other: ● Center for Army Lessons Learned: http://usacac.army.mil/CAC2/call/ [See our whitepaper for lots more references!] 40

Recommandé

CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...
Shawn Riley
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Shawn Riley
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Hunting
n|u - The Open Security Community
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
Akash Sarode
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Marlabs
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 

Recommandé

CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...
Shawn Riley
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Shawn Riley
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Hunting
n|u - The Open Security Community
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
Akash Sarode
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Marlabs
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
Sirius
 
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
AlienVault
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Santiago Bassett
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat Intelligence
AlienVault
 
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Open Analytics
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident Response
Infocyte
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
OWASP Delhi
 
2018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 22018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 2
FRSecure
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to Insight
Deep Shankar Yadav
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in security
Osama Ellahi
 
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
HITCON GIRLS
 
Threat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsThreat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk Programs
Rahul Neel Mani
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Priyanka Aash
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Syed Peer
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
Deep Shankar Yadav
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
Ben Boyd
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
David Spinks
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
Chris Sistrunk
 

Contenu connexe

Tendances

6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
Sirius
 
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Santiago Bassett
 

Tendances (20)

Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat Intelligence
 
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident Response
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
2018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 22018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 2
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to Insight
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in security
 
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
 
Threat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsThreat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk Programs
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 

En vedette

Protecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data BreachesProtecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data Breaches
Lancope, Inc.
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
Lancope, Inc.
 
Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...
Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...
Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...
Resilient Systems
 

En vedette (12)

CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
 
Protecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data BreachesProtecting the Crown Jewels from Devastating Data Breaches
Protecting the Crown Jewels from Devastating Data Breaches
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
 
PowerUp - Automating Windows Privilege Escalation
PowerUp - Automating Windows Privilege EscalationPowerUp - Automating Windows Privilege Escalation
PowerUp - Automating Windows Privilege Escalation
 
I hunt sys admins 2.0
I hunt sys admins 2.0I hunt sys admins 2.0
I hunt sys admins 2.0
 
The Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to CompromiseThe Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to Compromise
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
 
Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...
Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...
Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...
 

Similaire à The Library of Sparta

Eidws 111 opsec
Eidws 111 opsecEidws 111 opsec
Eidws 111 opsec
IT2Alcorn
 
Preparing for a Security Breach
Preparing for a Security BreachPreparing for a Security Breach
Preparing for a Security Breach
AlienVault
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
OpenDNS
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxUMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
willcoxjanay
 
MSc Dissertation 11058374 Final
MSc Dissertation 11058374 FinalMSc Dissertation 11058374 Final
MSc Dissertation 11058374 Final
John Dunne
 

Similaire à The Library of Sparta (20)

Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
Eidws 111 opsec
Eidws 111 opsecEidws 111 opsec
Eidws 111 opsec
 
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist
 
Huntpedia
HuntpediaHuntpedia
Huntpedia
 
huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdf
 
Preparing for a Security Breach
Preparing for a Security BreachPreparing for a Security Breach
Preparing for a Security Breach
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
 
Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Security
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert Lin
 
Stalking the Kill Chain
Stalking the Kill ChainStalking the Kill Chain
Stalking the Kill Chain
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
 
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxUMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
 
MSc Dissertation 11058374 Final
MSc Dissertation 11058374 FinalMSc Dissertation 11058374 Final
MSc Dissertation 11058374 Final
 
Improve Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These IdeasImprove Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These Ideas
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space OperationCyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space Operation
 

Plus de Lancope, Inc.

Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective Security
Lancope, Inc.
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is Here
Lancope, Inc.
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
Lancope, Inc.
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Lancope, Inc.
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Lancope, Inc.
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
Lancope, Inc.
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the Endpoint
Lancope, Inc.
 
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesSave Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Lancope, Inc.
 
The Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseThe Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident Response
Lancope, Inc.
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesSave Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Lancope, Inc.
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
Lancope, Inc.
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15
Lancope, Inc.
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
Lancope, Inc.
 
Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14
Lancope, Inc.
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Lancope, Inc.
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
Lancope, Inc.
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
Lancope, Inc.
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
Lancope, Inc.
 

Plus de Lancope, Inc. (20)

Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective Security
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is Here
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the Endpoint
 
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly BreachesSave Your Network – Protecting Manufacturing Data from Deadly Breaches
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
 
The Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseThe Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident Response
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesSave Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly Breaches
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14Looking for the weird webinar 09.24.14
Looking for the weird webinar 09.24.14
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
Reverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation TovarReverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation Tovar
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
 

Dernier

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Dernier (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

The Library of Sparta

  • 1. The Library of Sparta David Raymond Greg Conti Tom Cross http://upload.wikimedia.org/wikipedia/commons/0/08/Jean-Jacques-Fran%C3%A7ois_Le_Barbier_-_A_Spartan_Woman_Giving_a_Shield_to_Her_Son.jpg 0
  • 2. Why, So What, and Who Cares… You used to be fighting individuals . . . now you are defending yourselves against nation-states 1
  • 3. On the Internet, the offense has all the cards 2
  • 4. Foundations of Military Doctrine Everything in war is very simple. But the simplest thing is difficult. - Karl Von Clausewitz 3
  • 5. Sources of Military Thought ● Military Theorists ● Doctrinal Manuals ● Print and Online Journals § Small Wars Journal § Parameters § Military Review § SIGNAL § … many more ● Policies 4
  • 6. An Anathema to Some “The most difficult thing about planning against the Americans, is that they do not read their own doctrine, and they would feel no particular obligation to follow it if they did.” Admiral Sergey Gorshkov Commander, Soviet Naval Forces, 1956 - 1985 5
  • 7. Kill Chain Find Fix Track Target Engage Assess ● US Air Force targeting methodology dating to late 1990’s ● Also referred to by clever acronym: F2T2EA "In the first quarter of the 21st century,it will become possible to find, fix or track, and target anything that moves on the surface of the Earth." GEN Ronald R. Fogleman, USAF Chief of Staff October 1996 6
  • 8. Cyber Kill Chain ● Cyber Kill Chain first proposed in a 2010 Lockheed-Martin whitepaper: “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”, by Hutchins, et. al. *Image source: NoVA Infosec, “Cyber Kill Chain 101.” May 2013, https://www.novainfosec.com/2013/05/29/cyber-kill-chain-101/ 7
  • 9. The Value of the Kill Chain ● Drives the defender to take a comprehensive view of the lifecycle of an attack rather than focusing on a single stage. ● Provides a framework for organizing artifacts of an attack collected during an investigation. ● Turns asymmetry on its head – the attacker must remain covert through each stage of their operation – each stage presents the defender with an opportunity to detect the attack. 8
  • 10. Cyber Terrain Analysis (OCOKA) ● Observation and Fields of Fire What portions of my network can be seen from where? ● Cover and Concealment What can I hide from observation? ● Obstacles How can I make my network harder to attack? ● Key Terrain Cyber terrain that can provide a ‘marked advantage’ ● Avenues of Approach Don’t just think of routers and cables . . . 9
  • 11. Cyberspace Planes and Cyber Terrain ● Supervisory plane o Command and Control ● Cyber persona plane o Persons or ‘accounts’ ● Logical plane further divided into top 6 OSI layers (data link – application) o Operating system and application programs o Services – web, email, file systems o Logical network protocols ● Physical plane == OSI PHY layer (layer 1) o Network devices – switches, routers ● Geographic plane == physical location o Location in which an info system resides Most references to cyber terrain consider only the physical plane. For more on cyber terrain and cyber key terrain, see Raymond, et. al, “Key Terrain in Cyberspace: Seeking the High Ground,” in 6th Annual NATO Conference on Cyber Conflict, Tallinn, Estonia, June 2014. 10
  • 12. Leveraging Cyber Key Terrain An approach to leveraging key terrain emerges from considering the terrain analysis as an attacker and as a defender. As a defender: o Identify Potentially Targeted Assets o Enumerate Avenues of Approach o Consider Observation and Fields of Fire o Place Obstacles, Cover, and Concealment 11
  • 13. Observation and Fields of Fire What does an attacker need access to in order to observe or attack a particular interface associated with a potentially targeted asset? This is an iterative analysis. For example, if the attacker needs access to a particular network in order to reach a critical asset, how can that network, in turn, be accessed? It is through this iterative analysis that a picture of Key Terrain begins to emerge, which include highly interconnected resources as well as resources with connectivity to critical assets. Its important to consider terrain that your organization doesn’t control – attacks on supply chain integrity, waterhole attacks, etc… 12
  • 14. Lessons from Cyber Terrain Analysis ● Battlefield Terrain Analysis maps fairly closely to the sort of analysis that network security people perform when thinking about a network’s exposures. ● Defenders know the terrain they are defending – attackers must discover it through iterative reconnaissance. ● Defenders can exploit an attacker’s lack of knowledge of the terrain. 13
  • 15. Denial* ● Denial includes those measures designed to hinder or deny the enemy the knowledge of an object, by hiding or disrupting the means of observation of the object. ● The basis of denial is dissimulation, the concealing of the truth. * Counterdeception Principles and Applications for National Security, Bennett & Waltz 14
  • 16. Deception* ● Deception is actions executed to deliberately mislead adversary military, paramilitary, or violent extremist organization decision makers, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission. ● The basis of deception is simulation, the presentation of that which is false. * JP 3-13.4, Military Deception, 26 January 2012, available at https://publicintelligence.net/jcs-mildec/ 15
  • 17. Network Denial & Deception On the Internet, there is no way to tell whether or not something is actually real. ● Denial o Hidden file systems o Real services on unusual ports ● Deception o Fake database records (Canaries) o Fake employees or user accounts o Phoney systems and services Remember - what is important to you isn’t necessarily what is important to your adversary. 16
  • 18. Exploiting the Human ● It is often observed that the human is the weakest link in any network defense. ● Often, the human is also the weakest link in any network offense. ● What are you doing in your network defense to exploit the human behind the attacks that are targeting you? 17
  • 19. Operations Security (OPSEC)* ● The OPSEC process is a systematic method used to identify, control, and protect critical information and subsequently analyze friendly actions associated with military operations. ● The purpose of operations security (OPSEC) is to reduce the vulnerability of US and multinational forces from successful adversary exploitation of critical information. OPSEC applies to all activities that prepare, sustain, or employ forces. ● There is an entire Joint Publication on OPSEC... Joint Publication 3-13.3 * JP 3-13.3, Operations Security, 4 January 2012, available at https://publicintelligence.net/jcs-opsec/ 18
  • 20. So How Can Good OPSEC Help Me? Attackers: ● Secrecy of the fact of the operation o Avoiding detection o When detected, appear to be something else ● Secrecy of information about the operation o Protect details of the operation o Prevent defenders who are aware of the operation from being able to stop it o C&C addresses, vulnerabilities, malware samples, etc… ● Secrecy of the identity of the operators o Prevent defenders from directly striking the attacker o Is it possible to connect aspects of your operation to your real identity and location? 19
  • 22. So How Can Good OPSEC Help Me? Defenders: ● What can attackers learn about your organization through open sources? o Material for Spear Phishing attacks o Aspects of your Information Security Program o What products do you use? o What do your IT staff say on their resumes, linkedin profiles, and twitter accounts? ● Its hard for large commercial organizations to maintain good OPSEC - focus on the most important secrets. 21
  • 23. The OPSEC Process from JP3-13.3 1. Identification of Critical Information What are you trying to protect? 2. Analysis of Threats Who is trying to get it? 3. Analysis of Vulnerabilities How might they get to it? 4. Assessment of Risk Risk=threat X vulnerability; what are you willing to accept? 5. Application of Appropriate Operations Security Countermeasures Plug the holes! 22
  • 24. What is Threat Intelligence? 00dbb9e1c09dbdafb360f3163ba5a3de 00f24328b282b28bc39960d55603e380 0115338e11f85d7a2226933712acaae8 0141955eb5b90ce25b506757ce151275 0149b7bd7218aab4e257d28469fddb0d 016da6ee744b16656a2ba3107c7a4a29 01e0dc079d4e33d8edd050c4900818da 024fd07dbdacc7da227bede3449c2b6a 0285bd1fbdd70fd5165260a490564ac8 02a2d148faba3b6310e7ba81eb62739d 02c65973b6018f5d473d701b3e7508b2 034374db2d35cf9da6558f54cec8a455 03ae71eba61af2d497e226da3954f3af 0469a42d71b4a55118b9579c8c772bb6 0496e3b17cf40c45f495188a368c203a 04a7b7dab5ff8ba1486df9dbe68c748c 04e83832146034f9797d2e8145413daa 04f481d6710ac5d68d0eacac2600a041 0501bb10d646b29cab7d17a8407010d9 0522e955aaee70b102e843f14c13a92c 052ec04866e4a67f31845d656531830d 0545a524a6bb0b042f4b00da53fec948 05552a77620933dd80f1e176736f8fe7 0583f58ac3d804d28cd433d369b096b8 0588ffa0a244a2c4431c5c4faac60b1f aoldaily.com aolon1ine.com applesoftupdate.com arrowservice.net attnpower.com aunewsonline.com avvmail.com bigdepression.net bigish.net blackberrycluter.com blackcake.net bluecoate.com booksonlineclub.com bpyoyo.com businessconsults.net businessformars.com busketball.com canadatvsite.com canoedaily.com chileexe77.com cnndaily.com cnndaily.net cnnnewsdaily.com 12.38.236.32 71.6.141.230 72.240.45.65 203.231.234.23 202.64.109.187 223.25.233.36 23
  • 25. Doctrinal Definition of Intelligence ● Joint Publication 2-0, Joint Intelligence*: “The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations.” ● In practice, it is a thorough analysis and understanding of the threat’s capabilities, strategy, and tactics and how they can be used on the cyber terrain comprising your operational environment. * Definition from JP 2-0, Joint Intelligence, 22 October 2013, available at http://www.dtic.mil/doctrine/index.html 24
  • 26. The Intelligence Cycle Planning and direction Collection Processing and exploitation Analysis and production Dissemination and integration Evaluation and feedback Nothing is more worthy of the attention of a good general than the endeavor to penetrate the designs of the enemy. Niccolò Machiavelli Discourses, 1517 25 http://armypubs.army.mil/doctrine/DR_pubs/dr_a/pdf/adrp2_0.pdf
  • 27. Characteristics of Effective Intelligence Information Quality Criteria ● Accuracy ● Timeliness ● Usability ● Completeness ● Precision ● Reliability Additional Criteria ● Relevant ● Predictive ● Tailored Commanders’ Considerations include Reducing operational uncertainty Determine appropriate balance between time alloted for collection and operational necessity Prioritize finite resources and capabilities, including network bandwidth Employing internal and supporting intel assets as well as planning, coordinating, and articulating requirements to leverage the entire intelligence enterprise. 26 http://armypubs.army.mil/doctrine/DR_pubs/dr_a/pdf/adrp2_0.pdf
  • 28. Tactics, Techniques, and Procedures (TTPs) Tactics - The employment and ordered arrangement of forces in relation to each other Techniques - Non-prescriptive ways or methods used to perform missions, functions, or tasks Procedures - Standard, detailed steps that prescribe how to perform specific tasks The term TTP is used to refer broadly to the actions that one might take in a particular problem domain. 27 * JP 1-02, DoD Dictionary of Military and Associated Terms, 8 Nov. 2010, available at http://www.dtic.mil/doctrine/
  • 29. Risk Analysis Intel Gain/Loss Calculus ● You’ve discovered an attacker in your network. You could kick them out, but they’d notice that. ● How do you decide when to kick them out and when to let them continue? ● Counter-intuitively, the risk of allowing them to continue increases the more that you know about them. 28
  • 30. The OODA Loop ● COL John Boyd, USAF ● Writings can be found at http://dnipogo.org/john-r-boyd/, provided by the Project on Government Oversight 29 Image from http://crossvale.com/blog/boiling-ocean-analysis-paralysis-and-ooda-loop
  • 31. Simplified OODA in the Context of Time ● Intelligence o Observation o Orientation ● Execution o Decision o Action 30
  • 32. OODA for Cyber Security Conflict: Red vs. Blue Spin your loop faster than your adversary 31
  • 33. OODA Loop Summary* ● Observation and Orientation (OO) increases your perceptive boundaries. Superior Situational Awareness ● Sampling Rate of the OO is relative to the rate of change Fast enough to represent change ● Decision and Actions raise the cost to your adversaries’ Observation/Orientation ● Operate at a faster tempo or rhythm than our adversaries Ultimately you are making it more expensive for the adversary to operate and hide 32 * TK Keanini - The OODA Loop: A Holistic Approach to Cyber Security - https://www.youtube.com/watch?v=RBv82THpBVA
  • 34. Targeting Targeting: The process of selecting and prioritizing targets and matching the appropriate response to them. Target: An entity or object considered for possible engagement or action . . . to support commander’s objectives. Purpose: integrate and synchronize fires into joint operations. Joint Publication 3-60 Joint Targeting http://www.dtic.mil/doctrine/new_pubs/jointpub_operations.htm Army FM 3-60 The Targeting Process http://armypubs.army.mil/doctrine/DR_pubs/dr_a/pdf/fm3_60.pdf 33
  • 35. What is Targeting good for? ● Targeting is a continuous cycle that begins with an analysis of the effects the commander wants to achieve ● Can be lethal or “non-lethal” Effects might include o Deceive o Degrade o Destroy o Influence ● Gives commanders a continuous process to influence their battlespace Targeting Methodology DECIDE Scheme of Maneuver/Fires, High- Payoff Target List DETECT Execute Intelligence Collection Plan DELIVER Execute Attack Guidance Matrix ASSESS Combat Assessment 34
  • 36. How Does This Apply to Cyber Ops? Computer-based effects can be used as part of, or instead of, lethal military action. ● Israeli cyber attack on Syrian air defense systems (2007) ● Russia’s coordinated virtual attack and physical invasion of Georgia (2008) ● Stuxnet (2010) 35
  • 37. Resources on Foreign Doctrine and Strategy: China ● Timothy Thomas’ trilogy and Chinese Information Warfare doctrine, published by the Army’s Foreign Military Studies Office at Fort Leavenworth. o Dragon Bytes, 2003 o Decoding the Virtual Dragon, 2007 o The Dragon’s Quantum Leap, 2009 ● Liang, Qiao and Xiangsui, Wang. Unrestricted Warfare. Summaries and translations abound on the web; extensively covered in Thomas’ Chinese IW trilogy. 36
  • 38. More Foreign Doctrine and Strategy: Russia Russian Military Publications: ● “Doctrine of Information Security of the Russian Federation” (2000) ● “Conceptual Views on the Activity of the Russian Federation Armed Forces in Information Space” (2011) American Foreign Policy Council’s Defense Dossier: ● “How Russia Harnesses Cyberwarfare,” by David J. Smith. 37
  • 39. Great Resources for More Information DoD and Military Branch doctrine: ● Intelligence and Security Doctrine (including DoD and all military branches) Federation of American Scientists’ Intelligence Resource Program http://www.fas.org/irp/doddir ● DOD Dictionary. http://www.dtic.mil/doctrine/dod_dictionary/ ● Joint Doctrine. http://www.dtic.mil/doctrine/doctrine/ ● Army Doctrine. http://armypubs.army.mil/doctrine/Active_FM.html Publications: ● Small Wars Journal: http://smallwarsjournal.com (all online content) ● Military review: http://militaryreview.army.mil (online and print) ● Parameters: http://strategicstudiesinstitute.army.mil/pubs/parameters (online and print). US Army War College quarterly journal. ● Army Branch Magazines (Armor magazine, Infantry magazine, Artillery magazine, ArmyAviation magazine, etc. ● Combined Arms Research Digital Library: http://cgsc.contentdm.oclc.org 38
  • 40. More resources Military Theorists: ● Clausewitz, Carl von. On War, [available at www.clausewitz.com], 1832 ● Jomini, Antoine Henri. The Art of War, [available at www.gutenberg.org], 1862 ● Mitchell, William. Winged Defense: The Development and Possibilities of Modern Air Power--Economic and Military. The University of Alabama Press, Tuscaloosa, AL. 1925 ● Coram, Robert. Boyd: The Fighter Pilot Who Changed the Art of War. Little, Brown and Company, 2002 ● Mao Zedong. On Guerilla Warfare, [Online]. Available at http://www.marxists.org/, 1937 ● Mahan, Alfred Thayer. The Influence of Sea Power Upon History: 1660 - 1783, Little, Brown and Co. 1890 ● Lots more . . . 39
  • 41. Yet more . . . Conferences: ● NATO Conference on Cyber Conflict (CyCon): http://ccdcoe.org/cycon/home.html ● IEEE/AFCEA Annual Military Communications Conference (MILCON): http://www.milcom.org/ Other: ● Center for Army Lessons Learned: http://usacac.army.mil/CAC2/call/ [See our whitepaper for lots more references!] 40