Security Automation - Python - Introduction

•

2 j'aime•877 vues

This document summarizes how security automation can be applied across different areas including security operations, adversary simulation, application security, DevSecOps, and compliance using various tools and Python. Security automation involves integrating tools and automating tasks to improve processes like alert triage, threat intelligence, penetration testing, code analysis, and incident response that would otherwise be done manually. The presenter provides examples of how tasks like phishing email analysis, forensic investigations, vulnerability scanning, and security control checks can be automated using APIs, Python modules for networking and web applications, and other tools to innovate security operations.

Technologie

P R E S E N T A T I O N B Y P 3 T 3 R P 4 R K 3 R
Introduction
Security Automation
Python

Working as a Security Engineer
Hello!
I Am Santhosh Baswa
You can contact me at Twitter@P3t3rP4rk4r

Automation
Innovative & Improve processes using Multiple Integrations.
Automation is taking action without human intervention.
Scope of Industrialisation.

It is the automatic handling of a task in machine-based
security application that would otherwise be done manually
by a cyber security professional.
Security Automation

Security
Automation
Security Operations
(Blue Team)
Adversary
Simulation & PT
(Red Team)
Application
SecurityDevSecOps
Compliance

SOC Operations
(Blue Team)
Alert Triage & IR
- Integration SIEM - (Log sources)
- Correlation Rules & Central Alert System
- IR - Team Coordination (Timeline Track)
Phishing Triage
- Phishing email Analysis.
- Extraction IPs & URLs & Attachments.
- Integrate & Check those IOCs (F/T)
- Automated Email notifications.
APIs + Digital
Forensic
Investigations
- Automated Remote Forensic Imaging
- Automated Volatility Investigation Report
- Innovative Projects (CTI Integrations etc)
Threat Intelligence
- Integrate Dark Web Intelligence Tools
- Track APT + New Malware IOCs
- Password Dumps & Email Compromise
- Automated Threat Lookups & SIEM

Adversary Simulation (Red Team)
&
Penetration Testing
RT / Pentest Environment
- Automated Phishing Campaigns (PhishFrenzy).
- Covert C2 Channels & Beacon Infra (Cobalt Strike)
- Client Sensitive Data Sync/Secure Backup.
Recon
- OSINT (Web Crawling)
- Campaign Email Generation
- Sensitive Data Collection (Ex:Gitrob)
Scan/Enumeration
- Controlled NMAP Scans (NSE)
- Sub Directories/Domains ReportsExploitation
- Modification of Toolset
- Payload Generation
- AV Bypass payload Test Post Exploitation
- Data Exfiltration Automation
- Slack/Gmail/Twitter/C2

01
02
03
05
04
Bugs/Fixes
- Vulnerable Versions & Packages.
- Security Bug fixes (Bug Bounty)
Testing/Verification
- Automated DAST Program.
Code/Implementation
- Secure Coding Standards.
- Static Code Test Automation
Requirements & Design
- Choose Dependencies / Languages
- Secure Application Design
Training
- Training program for new joiners /
experience developers.
- Test their abilities through Quiz.
Application Security -Automation

Detect & Respond
- Automated Incident Scoring
- Tracking Incidents
Protect
- Security Controls Check (NIST)
- Track process & Procedures
Inventory
- External Asset Inventory
- Automated Risk Level
Categorisation
Recovery
- Syslog Backups
- Downtime
- Crisis management
Compliance -Automation

Python Automation
Sys/NetworkOps (OS Internals/Command Execution/SSH/SMTP/SNMP)
Web modules (OSINT/WebApp Testing/Auth/Injections/Brute force)
Cryptography (Hash/Encrypt/Decrypt)
Network/Digital Forensics (Steganography/PCAP Analysis/Image Acquisition)

You can find me at:
git@P3t3rp4rk3r
Google:”Santhosh Baswa”
Any questions?
Thanks!

Contenu connexe

Tendances

18CS2005 Cryptography and Network Security

Programming language

Omega example

Path Testing

Cost of defects

Elliptic curve cryptography

Cysinfo Cyber Security Community

Types of Compilers

Hemant Chetwani

Interrupts

Albin Panakkal

Topic1 substitution transposition-techniques

MdFazleRabbi18

Techniques & applications of Compiler

Preethi AKNR

Linker and Loader Explained

Adarsh Kr Sinha

Compiler Design Introduction

Richa Sharma

Phases of Compiler

Tanzeela_Hussain

MIPS Architecture

Dr. Balaji Ganesh Rajagopal

Trusted Platform Module (TPM)

k33a

Compiler Design Basics

Akhil Kaushik

Introduction to embedded systems

EslamSaid16

OS Process Synchronization, semaphore and Monitors

sgpraju

Error Detection & Recovery

Akhil Kaushik

Compiler Design

Mir Majid

Tendances (20)

18CS2005 Cryptography and Network Security

Programming language

Omega example

Path Testing

Cost of defects

Elliptic curve cryptography

Types of Compilers

Interrupts

Topic1 substitution transposition-techniques

Techniques & applications of Compiler

Linker and Loader Explained

Compiler Design Introduction

Phases of Compiler

MIPS Architecture

Trusted Platform Module (TPM)

Compiler Design Basics

Introduction to embedded systems

OS Process Synchronization, semaphore and Monitors

Error Detection & Recovery

Compiler Design

Similaire à Security Automation - Python - Introduction

Sumo Logic Cert Jam - Security Analytics

Sumo Logic

This talk briefly discusses strategies and methodologies than can be employed when assessing IoT devices. We look at how to develop credible threat scenarios for different IoT device and systems, perform static and dynamic attack surface mapping, perform static firmware analysis, perform static hardware analysis, undertake a dynamic device security analysis, sources of supporting information, supporting capability requirements and establishment, Execution of dynamic device analysis and approaches around network protocol analysis.

Practical Security Assessments of IoT Devices and Systems

Ollie Whitehouse

Get Certified as a Sumo Security Power User! With security threats on the rise, come join our Security and Compliance experts to learn how Sumo Logic’s Threat Intelligence can help you stay on top of your environment by matching IOCs like IP address, domain names, URL, email addresses, MD5 hashes and more, to increase velocity and accuracy of threat detection. Hands on labs help cement the knowledge learned.

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Sumo Logic

This talk will highlight a signature-less method to detect malicious behavior before the delivery of the ransomware payload can infect the machine. The ML-driven detection method is coupled with the automated generation of a Group Policy Object and in this way we demonstrate an automated way to take action and create a policy based on observed IOC’s detected in a zero-day exploit pattern. ( Source : RSA Conference USA 2017)

Automated prevention of ransomware with machine learning and gpos

Priyanka Aash

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs

Rod Soto

Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks. This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.

Slide Griffin - Practical Attacks and Mitigations

EnergySec

technical-information-gathering-slides.pdf

MarceloCunha571649

Over the past decade, usage of online applications is experiencing remarkable growth. One of the main reasons for the success of web application is its “Ease of Access” and availability on internet. The simplicity of the HTTP protocol makes it easy to steal and spoof identity. The business liability associated with protecting online information has increased significantly and this is an issue that must be addressed. According to SANSTop20, 2013 list the number one targeted server side vulnerability are Web Applications. So, this has made detecting and preventing attacks on web applications a top priority for IT companies. In this paper, a rational solution is brought to detect events on web application and provides Security intelligence, log management and extensible reporting by analyzing web server logs.

Big Data Security Analytic Solution using Splunk

IJERA Editor

Axxera Security Solutions

akshayvreddy

The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform. Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security. For more signup(it's free): www.cisoplatform.com

RIoT (Raiding Internet of Things) by Jacob Holcomb

Priyanka Aash

The cyber threat landscape is becoming more dangerous and challenging all the time. Here, you’ll find a practical, expert-crafted resource to help keep your enterprise secure and successful for the long-term. It’s our way to help you get informed -- and stay safe. Protection API -Transforms your existing devices into a complete APT solution -Complements current network security -Enhances perimeter defenses

Application Programming Interface

Seculert

Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

Deborah Schalm

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

DevOps.com

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

DevOps for Enterprise Systems

INTERFACE by apidays 2023 APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization June 28 & 29, 2023 Security Exposure Management in API First World Sandeep Nain, VP Security and Trust at Carta ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...

apidays

ScaleOut your team - Building a technology team for scale in a DevOps culture

AgileSparks

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

APNIC

2022 APIsecure_Method for exploiting IDOR on nodejs+mongodb based backend

APIsecure_ Official

Tematem mojej prezentacji będzie omówienie wybranych zagrożeń bezpieczeństwa, które są wykrywane i obsługwane przez analityków SOC. Zwrócę uwagę na incydenty bezpieczeństwa, które powinny być przedmiotem monitorowania w każdym SOC oraz wskażę przykłady implementacji mechanizmów detekcji wybranych zagrożeń. W drugiej części prezentacji opowiem o stowarzyszeniu (ISC)2 Poland Chapter, a dokładniej czym się zajmujemy i jak można do nas dołączyć. http://isc2chapter-poland.com/

[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst

PROIDEA

Getting Started with Splunk Enterprise

Splunk

Similaire à Security Automation - Python - Introduction (20)

Sumo Logic Cert Jam - Security Analytics

Practical Security Assessments of IoT Devices and Systems

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Automated prevention of ransomware with machine learning and gpos

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs

Slide Griffin - Practical Attacks and Mitigations

technical-information-gathering-slides.pdf

Big Data Security Analytic Solution using Splunk

Axxera Security Solutions

RIoT (Raiding Internet of Things) by Jacob Holcomb

Application Programming Interface

Leverage DevOps & Agile Development to Transform Your Application Testing Pro...

INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...

ScaleOut your team - Building a technology team for scale in a DevOps culture

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

2022 APIsecure_Method for exploiting IDOR on nodejs+mongodb based backend

[CONFidence 2016] Jacek Grymuza - From a life of SOC Analyst

Getting Started with Splunk Enterprise

Dernier

DBX First Quarter 2024 Investor Presentation

Dropbox

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Exploring Multimodal Embeddings with Milvus

Zilliz

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Dernier (20)

DBX First Quarter 2024 Investor Presentation

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Exploring Multimodal Embeddings with Milvus

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

presentation ICT roal in 21st century education

MS Copilot expands with MS Graph connectors

Corporate and higher education May webinar.pptx

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

How to Troubleshoot Apps for the Modern Connected Worker

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Exploring the Future Potential of AI-Enabled Smartphone Processors

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

FWD Group - Insurer Innovation Award 2024

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Security Automation - Python - Introduction

1. P R E S E N T A T I O N B Y P 3 T 3 R P 4 R K 3 R Introduction Security Automation Python

2. Working as a Security Engineer Hello! I Am Santhosh Baswa You can contact me at Twitter@P3t3rP4rk4r

3. Think Innovative Automation 1

4. Automation Innovative & Improve processes using Multiple Integrations. Automation is taking action without human intervention. Scope of Industrialisation.

5. It is the automatic handling of a task in machine-based security application that would otherwise be done manually by a cyber security professional. Security Automation

6. Security Automation Security Operations (Blue Team) Adversary Simulation & PT (Red Team) Application SecurityDevSecOps Compliance

7. SOC Operations (Blue Team) Alert Triage & IR - Integration SIEM - (Log sources) - Correlation Rules & Central Alert System - IR - Team Coordination (Timeline Track) Phishing Triage - Phishing email Analysis. - Extraction IPs & URLs & Attachments. - Integrate & Check those IOCs (F/T) - Automated Email notifications. APIs + Digital Forensic Investigations - Automated Remote Forensic Imaging - Automated Volatility Investigation Report - Innovative Projects (CTI Integrations etc) Threat Intelligence - Integrate Dark Web Intelligence Tools - Track APT + New Malware IOCs - Password Dumps & Email Compromise - Automated Threat Lookups & SIEM

8. Adversary Simulation (Red Team) & Penetration Testing RT / Pentest Environment - Automated Phishing Campaigns (PhishFrenzy). - Covert C2 Channels & Beacon Infra (Cobalt Strike) - Client Sensitive Data Sync/Secure Backup. Recon - OSINT (Web Crawling) - Campaign Email Generation - Sensitive Data Collection (Ex:Gitrob) Scan/Enumeration - Controlled NMAP Scans (NSE) - Sub Directories/Domains ReportsExploitation - Modification of Toolset - Payload Generation - AV Bypass payload Test Post Exploitation - Data Exfiltration Automation - Slack/Gmail/Twitter/C2

9. 01 02 03 05 04 Bugs/Fixes - Vulnerable Versions & Packages. - Security Bug fixes (Bug Bounty) Testing/Verification - Automated DAST Program. Code/Implementation - Secure Coding Standards. - Static Code Test Automation Requirements & Design - Choose Dependencies / Languages - Secure Application Design Training - Training program for new joiners / experience developers. - Test their abilities through Quiz. Application Security -Automation

10. DevSecOps Cloud Infrastructure - Security Monitoring (CloudTrail) - Automated Profile based Security Checks Automated Security Tests - Security Functional Tests (Auth checks) - Default Configs (Apache security config checks) Code Analysis - Static Code Analysis (Vulnerable Functions) Runtime Application Security - Fuzzing/Dynamic checks on Validation. - Automated API input checks.

11. Detect & Respond - Automated Incident Scoring - Tracking Incidents Protect - Security Controls Check (NIST) - Track process & Procedures Inventory - External Asset Inventory - Automated Risk Level Categorisation Recovery - Syslog Backups - Downtime - Crisis management Compliance -Automation

12. Python Automation Ideas

13. Python Automation Sys/NetworkOps (OS Internals/Command Execution/SSH/SMTP/SNMP) Web modules (OSINT/WebApp Testing/Auth/Injections/Brute force) Cryptography (Hash/Encrypt/Decrypt) Network/Digital Forensics (Steganography/PCAP Analysis/Image Acquisition)

14. “Practical Session

15. You can find me at: git@P3t3rp4rk3r Google:”Santhosh Baswa” Any questions? Thanks!

Security Automation - Python - Introduction

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Security Automation - Python - Introduction

Similaire à Security Automation - Python - Introduction (20)

Dernier

Dernier (20)

Security Automation - Python - Introduction