SlideShare une entreprise Scribd logo

Unity Makes Strength

Xavier Mertens
Xavier Mertens

How to improve your security by interconnecting devices/applications to increase their knowledge, detection/protection capabilities.

Technologie
1  sur  52
Télécharger pour lire hors ligne
Unity Makes Strength BSidesAthens 2017 - Xavier Mertens
<profile>
 <name>Xavier Mertens</name>
 <aka>Xme</aka>
 <jobs>
 <day>Freelancer</day>
 <night>Blogger, ISC Handler, Hacker</night>
 </jobs>
 <![CDATA[
 www.truesec.be
 blog.rootshell.be
 isc.sans.edu
 www.brucon.org
 ]]>
 </profile> Follow
 me!
“Did you turn it off and on again?”
Agenda • Some facts • Current situation • Toolbox • Examples 5
Welcome to Belgium! 6
Belgique, België, Belgien But with a very complicated political landscape! 7
Belgian Motto “L’union fait la force” (“Unity Makes Strength”) 8
And Infosec? Why not apply this to our security infrastructures? 9
Agenda • Some facts • Classic Situation • Toolbox • Examples 10
Initial Situation Firewall IDS Proxy Malware Analysis Action Action Action Action 11
Then Came the god “SIEM” Firewall IDS Proxy Malware Analysis Logs Logs Logs Logs Centralized Logging Solutions / SIEM 12
Weaknesses? • Independent solutions • Static configurations • Only logs are centralized • No global protection • Useful data not shared • Real-time protection not easy 13
Teams Must Share Too! 14
The Value of Data • IP addresses • User names (!) • URLs • Domains • Digests (MD5, SHA1, etc) 15
Multiple Sources • Online repositories • Internal resources • Automatic process 16
Nothing New! Input OutputProcess 17
Back to the Roots • REXX is a scripting language
 invented by IBM. • ARexx was implemented in
 AmigaOS in 1987. • Allow applications having an
 ARexx interface to
 communicate to exchange
 data. 18
RTFM! • Security is a big market ($$$) • The “Microsoft Office” effect
 (<10% of features really used) • Invest time to learn how your
 products work. • Be a hacker: Learn how it work
 and make it work like you want. 19
A True Story…(1)(2) During a meeting with $VENDOR_A, the presales guy proposed a new solution to intercept SSL traffic. Later, the engineer explained that the $VENDOR_B’s product could perfectly handle the traffic just by activating the feature “x” and redirecting traffic to $VENDOR_A’s appliance. Still remembering the face of the presales guy… Priceless! 20 (1) Names have been changed to protect the innocents (2) More info could be disclosed during the after party :-)
BackdoorsAPI’s • CLI • WebAPI (JSON, XML) • Databases • Scripting languages • Serial console 21
Protocols / Formats • HTTP(S) • JSON, XML, … • TFTP • SSH • SNMP • IF-MAP 22
Lazy people or Optimization? 23 “A lazy sysadmin is the best admin” - Anonymous
Automation is the Key • Python|Perl|Bash|… • Expect! use Expect; my $e = Expect->new(); my $c = “ssh $user@$host”; $e = Expect->spawn($c) or die “No SSH?”; $e->Expect($timeout, [ qr’password: $’, sub { my $fh = shift; print $fh $passwordn”; } ] 24
A New Architecture Firewall IDS Proxy Malware Analysis Logs Logs Logs Logs Centralized Logging Solutions / SIEM 25 Action Action Action Action Toolbox
Agenda • Some facts • Current situation • Toolbox • Examples 26
HTTPS • Generate an API key
 
 https://10.0.0.1/api/?type=keygen&user=foo&password=bar • Submit XML requests
 
 https://10.0.0.1/api/? type=config&key=xxx&action=set&xpath=/config/device/ entry[@name=localhost]/vsys/entry[@name=vsys1]/address/ entry[@name=NewHost]&element=<ip-netmask>192.168.0.1</ ip-netmask><description>Test</description> 27
Snort-Rules Generator • Lot of Security tools accept Snort rules use Snort::Rule my $rule = Snort::Rule->new( -action => ‘alert’, -proto => ‘tcp’, -src => ‘10.0.0.1’, -sport => ‘any’, -dst => ‘any’, -dport => ‘any’, ); $rule->opts(‘msg’, ‘Detect traffic from 10.0.1’); $rule->opts(‘sid’, ‘666666’); 28
IF-MAP • Open standard to allow authorized devices to publish/search relevant information • Information could be • IP • Login • Location (devices) 29
IF-MAP use Ifmap; use Ifmap::Util; my $r=Ifmap::Request::NewSession->new(); my $ip=Ifmap::Identifier::IpAddress->new(ip_address, ‘10.0.0.1’); my $mac=Ifmap::Identifier::MacAddress->new(mac_address, ‘aa:bb:cc:dd:ee:ff’); my $id = Ifmap::Identifier::Identity->new(name=> ‘john’, type=>‘username’); my $meta=Ifmap::Metadata::Element->new(name=>‘name’, value=‘employee’); 30
SNMP $ snmpset 10.0.1 Pr1v4t3 .1.3.6.1.4.1.9.2.1.53.10.0.2 acl.tmp 31 • SNMP can be used to push configuration changes • Example: • Router 10.0.0.1 will pull the access-list “acm.tmp” from TFTP server 10.0.0.2
TCL event manager applet Interface_Event event syslog pattern “.*UPDOWN.*FastEthernet0/1.* changed state to .*” event 1.0 cli command “tclsh flash:notify.tcl” 32 • Cisco devices have a framework called EEM: “Embedded Event Manager” • Example: • The router may communicate information based on its status
The Conductor • OSSEC • Log Management • Active-Response • Powerful alerts engine 33
Action? Reaction! • Example of OSSEC rule <rule id=”100101” level=”5” frequency=”5” timeframe=”60”> <match>access denied</match> <group>invalid_login,</group> </rule> <active-response> <command>ad-block-user</command> <location>local</location> <rules_id>100101</rules_id> </active-response> 34
Agenda • Some facts • Current situation • Toolbox • Examples 35
<warning> Some slides contain examples based on open source as well as v€ndor$ solutions. No affiliation ahead! </warning> 36
Online Resources • DNS-BH
 $ wget -N http://dns-bh.sagadc.org/domains.txt • Google SafeBrowsing use Net::Google::SafeBrowsing2; use Net::Google::SafeBrowsing2:::Sqlite; my gsb = Net::Google::SafeBrowsing2->new( key => “xxx”, storage => Net::Google::SafeBrowsing2::Sqlite- >new(file => “google.db”) ); $gsb->update(); my $match = $gsb->lookup(url => “http://evil.com”); if ($match eq MALWARE) { ... } 37
Dynamic Firewall Config • FireEye malware analysis box • Firewalls • Checkpoint • PaloAlto • IPtables • <insert your preferred fw $VENDOR here> 38
39 Dynamic Firewall Config (*) (*) Replace “Palo Alto” with your favourite $VENDOR
Dynamic User Blacklist • Syslog Concentrator • OSSEC • SSL VPN • LDAP directory 40
Dynamic User Blacklist $ ldapmodify -D ‘cn=admin’ -w ‘pass’ dn:uid=jdoe,o=acme.org changetype: modify replace:userpassword userpassword:newpass 41
Hunting for Samples • Postfix • Bro • Viper • Cuckoo • MISP 42
43 Hunting for Samples
Hunting for Malicious Files • MISP • OSSEC • mof.py (“MISP OSSEC Feeder”) 44
Hunting for Malicious Files 45 # # OSSEC RootCheck IOC generated by MOF (MISP OSSEC Feeder) # https://github.com/xme/ # # Generated on: Mon Jul 11 22:06:56 2016 # MISP url: https://misp.home.rootshell.be/ # Wayback time: 30d # [MISP_2073] [any] [Packrat: Seven Years of a South American Threat Actor] r:HKLMSOFTWAREMicrosoftActive; r:HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRunPolicies; r:HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunmsconfig; [MISP_2200] [any] [Click-Fraud Ramdo Malware Family Continues to Plague Users] r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsLastLoggedOnProvider; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsIconUnderline; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsHangDetect; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsLastProgress; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsShowTabletKeyboard; r:HKCUSoftwareMicrosoftWindowsCurrentVersionRunBluetoothManage; [MISP_2210] [any] [Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom] f:%USERPROFILE%AppDataRoamingFrfx; f:%USERPROFILE%AppDataRoamingFrfxfirefox.exe; f:%USERPROFILE%AppDataLocalDrpbx; f:%USERPROFILE%AppDataLocalDrpbxdrpbx.exe; f:%USERPROFILE%AppDataRoamingSystem32Work; f:%USERPROFILE%AppDataRoamingSystem32WorkAddress.txt; f:%USERPROFILE%AppDataRoamingSystem32Workdr; f:%USERPROFILE%AppDataRoamingSystem32WorkEncryptedFileList.txt;
Hunting for Malicious Files 46
MySQL Self-Defense • MySQL Server • MySQL Proxy • lib_mysqludf_log 47
MySQL Self-Defense 48 (https://blog.rootshell.be/2012/11/01/mysql-attacks-self-detection/)
Controls • Security first! • Strong controls must be implemented • Authentication/Authorization • Could break your compliance • Use an OoB network • Risk of DoS! 49
Controls • RFC1918 • Alexa Ranking List • Top local sites • admin logins • Your domains, IP addresses 50
Conclusions • Don’t buy just “a box” • RTFM • Control • Take time to optimise your time (be lazy!) 51
Thank You! Questions? Shoot or… Στην υγειά σας! 52

Recommandé

Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningSean Chittenden
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDSean Chittenden
 
Production Readiness Strategies in an Automated World
Production Readiness Strategies in an Automated WorldProduction Readiness Strategies in an Automated World
Production Readiness Strategies in an Automated WorldSean Chittenden
 
Creating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleCreating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleSean Chittenden
 
Supercharging Content Delivery with Varnish
Supercharging Content Delivery with VarnishSupercharging Content Delivery with Varnish
Supercharging Content Delivery with VarnishSamantha Quiñones
 
PostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consulPostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consulSean Chittenden
 
Incrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationIncrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationSean Chittenden
 
NGINX High-performance Caching
NGINX High-performance CachingNGINX High-performance Caching
NGINX High-performance CachingNGINX, Inc.
 

Recommandé

Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningSean Chittenden
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDSean Chittenden
 
Production Readiness Strategies in an Automated World
Production Readiness Strategies in an Automated WorldProduction Readiness Strategies in an Automated World
Production Readiness Strategies in an Automated WorldSean Chittenden
 
Creating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleCreating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleSean Chittenden
 
Supercharging Content Delivery with Varnish
Supercharging Content Delivery with VarnishSupercharging Content Delivery with Varnish
Supercharging Content Delivery with VarnishSamantha Quiñones
 
PostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consulPostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consulSean Chittenden
 
Incrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationIncrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationSean Chittenden
 
NGINX High-performance Caching
NGINX High-performance CachingNGINX High-performance Caching
NGINX High-performance CachingNGINX, Inc.
 
Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheKevin Jones
 
5 things you didn't know nginx could do
5 things you didn't know nginx could do5 things you didn't know nginx could do
5 things you didn't know nginx could dosarahnovotny
 
Content Caching with NGINX and NGINX Plus
Content Caching with NGINX and NGINX PlusContent Caching with NGINX and NGINX Plus
Content Caching with NGINX and NGINX PlusKevin Jones
 
Vault
VaultVault
Vaultdawnlua
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015Fastly
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINXNGINX, Inc.
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINXKevin Jones
 
Scaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngScaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngPeter Czanik
 
Deploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleDeploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleKevin Jones
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePassWill Schroeder
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX, Inc.
 
BloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active DirectoryBloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active DirectoryAndy Robbins
 
ITB2017 - Nginx Effective High Availability Content Caching
ITB2017 - Nginx Effective High Availability Content CachingITB2017 - Nginx Effective High Availability Content Caching
ITB2017 - Nginx Effective High Availability Content CachingOrtus Solutions, Corp
 
Data Encryption at Rest
Data Encryption at RestData Encryption at Rest
Data Encryption at RestAll Things Open
 
Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeFastly
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX, Inc.
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Altitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and ClusteringAltitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and ClusteringFastly
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Harish S
 
Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strengthXavier Mertens
 
Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Xavier Mertens
 

Contenu connexe

Tendances

Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheKevin Jones
 
5 things you didn't know nginx could do
5 things you didn't know nginx could do5 things you didn't know nginx could do
5 things you didn't know nginx could dosarahnovotny
 
Content Caching with NGINX and NGINX Plus
Content Caching with NGINX and NGINX PlusContent Caching with NGINX and NGINX Plus
Content Caching with NGINX and NGINX PlusKevin Jones
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015Fastly
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINXNGINX, Inc.
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINXKevin Jones
 
Scaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngScaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngPeter Czanik
 
Deploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleDeploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleKevin Jones
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePassWill Schroeder
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX, Inc.
 
BloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active DirectoryBloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active DirectoryAndy Robbins
 
ITB2017 - Nginx Effective High Availability Content Caching
ITB2017 - Nginx Effective High Availability Content CachingITB2017 - Nginx Effective High Availability Content Caching
ITB2017 - Nginx Effective High Availability Content CachingOrtus Solutions, Corp
 
Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeFastly
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX, Inc.
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Altitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and ClusteringAltitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and ClusteringFastly
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Harish S
 

Tendances (20)

Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content Cache
 
5 things you didn't know nginx could do
5 things you didn't know nginx could do5 things you didn't know nginx could do
5 things you didn't know nginx could do
 
Content Caching with NGINX and NGINX Plus
Content Caching with NGINX and NGINX PlusContent Caching with NGINX and NGINX Plus
Content Caching with NGINX and NGINX Plus
 
Vault
VaultVault
Vault
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
 
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINX
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINX
 
Scaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngScaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ng
 
Deploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleDeploying NGINX Plus with Ansible
Deploying NGINX Plus with Ansible
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePass
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
 
BloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active DirectoryBloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active Directory
 
ITB2017 - Nginx Effective High Availability Content Caching
ITB2017 - Nginx Effective High Availability Content CachingITB2017 - Nginx Effective High Availability Content Caching
ITB2017 - Nginx Effective High Availability Content Caching
 
Data Encryption at Rest
Data Encryption at RestData Encryption at Rest
Data Encryption at Rest
 
Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edge
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load Balancing
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
 
Altitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and ClusteringAltitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and Clustering
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.
 

Similaire à Unity Makes Strength

Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Xavier Mertens
 
PowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidPowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidMatthew Johnson
 
Protect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesProtect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesLeo Loobeek
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaAOE
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Sysdig
 
On the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangOn the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangChris McEniry
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class Chris Gates
 
Год в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияГод в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияdefcon_kz
 
Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?HackIT Ukraine
 
Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Tomas Doran
 
Bz backtrack.usage
Bz backtrack.usageBz backtrack.usage
Bz backtrack.usagedjenoalbania
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Lessons from Driverless AI going to Production
Lessons from Driverless AI going to ProductionLessons from Driverless AI going to Production
Lessons from Driverless AI going to ProductionSri Ambati
 
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web InterfacesThey Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfacesmichelemanzotti
 
2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scapShawn Wells
 
2014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 20142014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 2014Shawn Wells
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device InsecurityJeremy Brown
 

Similaire à Unity Makes Strength (20)

Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strength
 
Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013
 
PowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidPowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue Kid
 
Protect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesProtect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying Techniques
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS Lambda
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 
On the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangOn the Edge Systems Administration with Golang
On the Edge Systems Administration with Golang
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
 
Год в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияГод в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участия
 
Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?
 
Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014
 
Us 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimesUs 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimes
 
Bz backtrack.usage
Bz backtrack.usageBz backtrack.usage
Bz backtrack.usage
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
Lessons from Driverless AI going to Production
Lessons from Driverless AI going to ProductionLessons from Driverless AI going to Production
Lessons from Driverless AI going to Production
 
ISSA Siem Fraud
ISSA Siem FraudISSA Siem Fraud
ISSA Siem Fraud
 
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web InterfacesThey Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
 
2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap
 
2014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 20142014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 2014
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
 

Plus de Xavier Mertens

FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)Xavier Mertens
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018Xavier Mertens
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionXavier Mertens
 
HTTP For the Good or the Bad
HTTP For the Good or the BadHTTP For the Good or the Bad
HTTP For the Good or the BadXavier Mertens
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusXavier Mertens
 
Building A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail ScannerBuilding A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail ScannerXavier Mertens
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE EditionXavier Mertens
 
Automatic MIME Attachments Triage
Automatic MIME Attachments TriageAutomatic MIME Attachments Triage
Automatic MIME Attachments TriageXavier Mertens
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015Xavier Mertens
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free SoftwareXavier Mertens
 
Because we are just humans
Because we are just humansBecause we are just humans
Because we are just humansXavier Mertens
 
You have a SIEM! And now?
You have a SIEM! And now?You have a SIEM! And now?
You have a SIEM! And now?Xavier Mertens
 
What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)Xavier Mertens
 
The BruCO"NSA" Network
The BruCO"NSA" NetworkThe BruCO"NSA" Network
The BruCO"NSA" NetworkXavier Mertens
 
What Will You Investigate Today?
What Will You Investigate Today?What Will You Investigate Today?
What Will You Investigate Today?Xavier Mertens
 
Social Networks - The Good and the Bad
Social Networks - The Good and the BadSocial Networks - The Good and the Bad
Social Networks - The Good and the BadXavier Mertens
 

Plus de Xavier Mertens (20)

FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC Edition
 
HTTP For the Good or the Bad
HTTP For the Good or the BadHTTP For the Good or the Bad
HTTP For the Good or the Bad
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from Venus
 
Building A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail ScannerBuilding A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail Scanner
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
 
Automatic MIME Attachments Triage
Automatic MIME Attachments TriageAutomatic MIME Attachments Triage
Automatic MIME Attachments Triage
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015
 
$HOME Sweet $HOME
$HOME Sweet $HOME$HOME Sweet $HOME
$HOME Sweet $HOME
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web Coding
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free Software
 
Because we are just humans
Because we are just humansBecause we are just humans
Because we are just humans
 
You have a SIEM! And now?
You have a SIEM! And now?You have a SIEM! And now?
You have a SIEM! And now?
 
What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)
 
The BruCO"NSA" Network
The BruCO"NSA" NetworkThe BruCO"NSA" Network
The BruCO"NSA" Network
 
What Will You Investigate Today?
What Will You Investigate Today?What Will You Investigate Today?
What Will You Investigate Today?
 
Mobile Apps Security
Mobile Apps SecurityMobile Apps Security
Mobile Apps Security
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Social Networks - The Good and the Bad
Social Networks - The Good and the BadSocial Networks - The Good and the Bad
Social Networks - The Good and the Bad
 

Dernier

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Unity Makes Strength

  • 1. Unity Makes Strength BSidesAthens 2017 - Xavier Mertens
  • 2. <profile>
 <name>Xavier Mertens</name>
 <aka>Xme</aka>
 <jobs>
 <day>Freelancer</day>
 <night>Blogger, ISC Handler, Hacker</night>
 </jobs>
 <![CDATA[
 www.truesec.be
 blog.rootshell.be
 isc.sans.edu
 www.brucon.org
 ]]>
 </profile> Follow
 me!
  • 3.
  • 4. “Did you turn it off and on again?”
  • 5. Agenda • Some facts • Current situation • Toolbox • Examples 5
  • 7. Belgique, België, Belgien But with a very complicated political landscape! 7
  • 8. Belgian Motto “L’union fait la force” (“Unity Makes Strength”) 8
  • 9. And Infosec? Why not apply this to our security infrastructures? 9
  • 10. Agenda • Some facts • Classic Situation • Toolbox • Examples 10
  • 11. Initial Situation Firewall IDS Proxy Malware Analysis Action Action Action Action 11
  • 12. Then Came the god “SIEM” Firewall IDS Proxy Malware Analysis Logs Logs Logs Logs Centralized Logging Solutions / SIEM 12
  • 13. Weaknesses? • Independent solutions • Static configurations • Only logs are centralized • No global protection • Useful data not shared • Real-time protection not easy 13
  • 14. Teams Must Share Too! 14
  • 15. The Value of Data • IP addresses • User names (!) • URLs • Domains • Digests (MD5, SHA1, etc) 15
  • 16. Multiple Sources • Online repositories • Internal resources • Automatic process 16
  • 18. Back to the Roots • REXX is a scripting language
 invented by IBM. • ARexx was implemented in
 AmigaOS in 1987. • Allow applications having an
 ARexx interface to
 communicate to exchange
 data. 18
  • 19. RTFM! • Security is a big market ($$$) • The “Microsoft Office” effect
 (<10% of features really used) • Invest time to learn how your
 products work. • Be a hacker: Learn how it work
 and make it work like you want. 19
  • 20. A True Story…(1)(2) During a meeting with $VENDOR_A, the presales guy proposed a new solution to intercept SSL traffic. Later, the engineer explained that the $VENDOR_B’s product could perfectly handle the traffic just by activating the feature “x” and redirecting traffic to $VENDOR_A’s appliance. Still remembering the face of the presales guy… Priceless! 20 (1) Names have been changed to protect the innocents (2) More info could be disclosed during the after party :-)
  • 21. BackdoorsAPI’s • CLI • WebAPI (JSON, XML) • Databases • Scripting languages • Serial console 21
  • 22. Protocols / Formats • HTTP(S) • JSON, XML, … • TFTP • SSH • SNMP • IF-MAP 22
  • 23. Lazy people or Optimization? 23 “A lazy sysadmin is the best admin” - Anonymous
  • 24. Automation is the Key • Python|Perl|Bash|… • Expect! use Expect; my $e = Expect->new(); my $c = “ssh $user@$host”; $e = Expect->spawn($c) or die “No SSH?”; $e->Expect($timeout, [ qr’password: $’, sub { my $fh = shift; print $fh $passwordn”; } ] 24
  • 25. A New Architecture Firewall IDS Proxy Malware Analysis Logs Logs Logs Logs Centralized Logging Solutions / SIEM 25 Action Action Action Action Toolbox
  • 26. Agenda • Some facts • Current situation • Toolbox • Examples 26
  • 27. HTTPS • Generate an API key
 
 https://10.0.0.1/api/?type=keygen&user=foo&password=bar • Submit XML requests
 
 https://10.0.0.1/api/? type=config&key=xxx&action=set&xpath=/config/device/ entry[@name=localhost]/vsys/entry[@name=vsys1]/address/ entry[@name=NewHost]&element=<ip-netmask>192.168.0.1</ ip-netmask><description>Test</description> 27
  • 28. Snort-Rules Generator • Lot of Security tools accept Snort rules use Snort::Rule my $rule = Snort::Rule->new( -action => ‘alert’, -proto => ‘tcp’, -src => ‘10.0.0.1’, -sport => ‘any’, -dst => ‘any’, -dport => ‘any’, ); $rule->opts(‘msg’, ‘Detect traffic from 10.0.1’); $rule->opts(‘sid’, ‘666666’); 28
  • 29. IF-MAP • Open standard to allow authorized devices to publish/search relevant information • Information could be • IP • Login • Location (devices) 29
  • 30. IF-MAP use Ifmap; use Ifmap::Util; my $r=Ifmap::Request::NewSession->new(); my $ip=Ifmap::Identifier::IpAddress->new(ip_address, ‘10.0.0.1’); my $mac=Ifmap::Identifier::MacAddress->new(mac_address, ‘aa:bb:cc:dd:ee:ff’); my $id = Ifmap::Identifier::Identity->new(name=> ‘john’, type=>‘username’); my $meta=Ifmap::Metadata::Element->new(name=>‘name’, value=‘employee’); 30
  • 31. SNMP $ snmpset 10.0.1 Pr1v4t3 .1.3.6.1.4.1.9.2.1.53.10.0.2 acl.tmp 31 • SNMP can be used to push configuration changes • Example: • Router 10.0.0.1 will pull the access-list “acm.tmp” from TFTP server 10.0.0.2
  • 32. TCL event manager applet Interface_Event event syslog pattern “.*UPDOWN.*FastEthernet0/1.* changed state to .*” event 1.0 cli command “tclsh flash:notify.tcl” 32 • Cisco devices have a framework called EEM: “Embedded Event Manager” • Example: • The router may communicate information based on its status
  • 33. The Conductor • OSSEC • Log Management • Active-Response • Powerful alerts engine 33
  • 34. Action? Reaction! • Example of OSSEC rule <rule id=”100101” level=”5” frequency=”5” timeframe=”60”> <match>access denied</match> <group>invalid_login,</group> </rule> <active-response> <command>ad-block-user</command> <location>local</location> <rules_id>100101</rules_id> </active-response> 34
  • 35. Agenda • Some facts • Current situation • Toolbox • Examples 35
  • 36. <warning> Some slides contain examples based on open source as well as v€ndor$ solutions. No affiliation ahead! </warning> 36
  • 37. Online Resources • DNS-BH
 $ wget -N http://dns-bh.sagadc.org/domains.txt • Google SafeBrowsing use Net::Google::SafeBrowsing2; use Net::Google::SafeBrowsing2:::Sqlite; my gsb = Net::Google::SafeBrowsing2->new( key => “xxx”, storage => Net::Google::SafeBrowsing2::Sqlite- >new(file => “google.db”) ); $gsb->update(); my $match = $gsb->lookup(url => “http://evil.com”); if ($match eq MALWARE) { ... } 37
  • 38. Dynamic Firewall Config • FireEye malware analysis box • Firewalls • Checkpoint • PaloAlto • IPtables • <insert your preferred fw $VENDOR here> 38
  • 39. 39 Dynamic Firewall Config (*) (*) Replace “Palo Alto” with your favourite $VENDOR
  • 40. Dynamic User Blacklist • Syslog Concentrator • OSSEC • SSL VPN • LDAP directory 40
  • 41. Dynamic User Blacklist $ ldapmodify -D ‘cn=admin’ -w ‘pass’ dn:uid=jdoe,o=acme.org changetype: modify replace:userpassword userpassword:newpass 41
  • 42. Hunting for Samples • Postfix • Bro • Viper • Cuckoo • MISP 42
  • 44. Hunting for Malicious Files • MISP • OSSEC • mof.py (“MISP OSSEC Feeder”) 44
  • 45. Hunting for Malicious Files 45 # # OSSEC RootCheck IOC generated by MOF (MISP OSSEC Feeder) # https://github.com/xme/ # # Generated on: Mon Jul 11 22:06:56 2016 # MISP url: https://misp.home.rootshell.be/ # Wayback time: 30d # [MISP_2073] [any] [Packrat: Seven Years of a South American Threat Actor] r:HKLMSOFTWAREMicrosoftActive; r:HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRunPolicies; r:HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunmsconfig; [MISP_2200] [any] [Click-Fraud Ramdo Malware Family Continues to Plague Users] r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsLastLoggedOnProvider; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsIconUnderline; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsHangDetect; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsLastProgress; r:HKCUSOFTWAREAdobeAcrobat Reader14.0GlobalsShowTabletKeyboard; r:HKCUSoftwareMicrosoftWindowsCurrentVersionRunBluetoothManage; [MISP_2210] [any] [Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom] f:%USERPROFILE%AppDataRoamingFrfx; f:%USERPROFILE%AppDataRoamingFrfxfirefox.exe; f:%USERPROFILE%AppDataLocalDrpbx; f:%USERPROFILE%AppDataLocalDrpbxdrpbx.exe; f:%USERPROFILE%AppDataRoamingSystem32Work; f:%USERPROFILE%AppDataRoamingSystem32WorkAddress.txt; f:%USERPROFILE%AppDataRoamingSystem32Workdr; f:%USERPROFILE%AppDataRoamingSystem32WorkEncryptedFileList.txt;
  • 47. MySQL Self-Defense • MySQL Server • MySQL Proxy • lib_mysqludf_log 47
  • 49. Controls • Security first! • Strong controls must be implemented • Authentication/Authorization • Could break your compliance • Use an OoB network • Risk of DoS! 49
  • 50. Controls • RFC1918 • Alexa Ranking List • Top local sites • admin logins • Your domains, IP addresses 50
  • 51. Conclusions • Don’t buy just “a box” • RTFM • Control • Take time to optimise your time (be lazy!) 51
  • 52. Thank You! Questions? Shoot or… Στην υγειά σας! 52