activated charcoal
play

Activated Charcoal Making Sense of Endpoint Data Company - PowerPoint PPT Presentation

Jul 11, 2023 •203 likes •828 views

Powered by Activated Charcoal Making Sense of Endpoint Data Company Confidential Greg Foss Sarah Miller Head of Global Security Operations Threat Intelligence Analyst LogRhythm Carbon Black The Endpoint is the new Perimeter The easiest

  1. Powered by Activated Charcoal Making Sense of Endpoint Data Company Confidential

  2. Greg Foss Sarah Miller Head of Global Security Operations Threat Intelligence Analyst LogRhythm Carbon Black

  3. The Endpoint is the new Perimeter

  4. The easiest path into any network… Company Confidential

  5. Social Engineering Nothing like a little pretext to get people to click on your links… Company Confidential

  6. Phishing • 91% of ‘advanced’ attacks began with a phishing email • or similar social engineering tactics. http://www.infosecurity-magazine.com/view/29562/91-of- • apt-attacks-start-with-a-spearphishing-email/ 2014 Metrics • Average cost per breach => $3.5 million • 15% Higher than the previous year • http://www.ponemon.org/blog/ponemon-institute- • releases-2014-cost-of-data-breach-global-analysis Company Confidential

  7. Drive By Downloads, Malvertizing, and Watering Hole Attacks Image Source: Company Confidential https://blog.kaspersky.com/what-is-malvertising/5928/

  8. Company Confidential

  9. Training is Critical to Success

  10. Key Focus Areas: • Employees Image Source: http://www.cloudpro.co.uk/hr/5803/gov-offers-hr-workers-free-cyber-security-training Company Confidential

  11. End User Tips - Phishing Company Confidential

  12. All You Need is + Company Confidential

  13. Shortened URL Tracking Company Confidential

  14. Feedback Loop Company Confidential

  15. Testing and Validation

  16. Rogue Wi-Fi Network – Threat Simulation Company Confidential

  17. USB Drop – Training Exercise : Case Study Company Confidential

  18. Building a Believable Campaign Use realistic files with somewhat realistic data Staged approach to track file access and exploitation Company Confidential

  19. “Nobody’s going to an an exe from some random USB” - Greg Yep… They ran it... Company Confidential

  20. Now we have our foothold… Fortunately they didn’t run this as an admin Company Confidential

  21. Company Confidential

  22. Key Focus Areas: • Employees • IT Staff • Roles and Responsibilities • Incident Response Duties • Configuration Monitoring • Malware Removal • Security Infrastructure Company Confidential

  23. Key Focus Areas: • Employees • IT Staff • Security Staff • Table Top and Red vs Blue Exercises • Threat Simulation Leads to Process Improvement • Announced vs Unannounced Simulations or Penetration Testing Company Confidential

  24. Purple Team FTW! • Employees • IT Staff • Security Staff • Table Top and Red vs Blue Exercises • Threat Simulation Leads to Process Improvement • Announced vs Unannounced Simulations or Penetration Testing Company Confidential

  25. Key Focus Areas: • Employees • IT Staff • Security Staff • Leadership Company Confidential

  26. Key Focus Areas: • Employees • IT Staff • Security Staff • Leadership • Processes and Procedures Company Confidential

  27. Continuous Monitoring and Detection

  28. Automating OSINT and Response API Integration SecOps Infrastructure Domain Tools Netflow / IDS Passive Total Firewalls VirusTotal Proxy / DNS SIEM Cisco AMP ThreatGRID Endpoint Company Confidential

  29. Company Confidential

  30. Malware Beaconing Company Confidential

  31. Company Confidential

  32. Malware Beaconing Company Confidential

  33. Correlate Network / Log Activity with Endpoint Data Company Confidential

  34. Macro Phishing Attacks • Common • Bypasses Most AV • Heavily Obfuscated • Newer attacks targeting Office 365 Company Confidential

  35. Macro Attack Detection Company Confidential

  36. Full Command Line Details Company Confidential

  37. Full Command Line Details Company Confidential

  38. Be Careful – Don’t Jump To Conclusions… Company Confidential

  39. Centralized Logging and Event Management

  40. Company Confidential

  41. Threat Feed Configuration Company Confidential

  42. Full Event Alerting Company Confidential

  43. Syslog Only Company Confidential

  44. Tuning Feeds Company Confidential

  45. Watchlist Configuration Company Confidential

  46. Carbon Black Event Forwarder LogRhythm => Use LEEF Format https://github.com/carbonblack/cb-event-forwarder Company Confidential

  47. Dashboards and Investigations

  48. Company Confidential

  49. Company Confidential

  50. Company Confidential

  51. Company Confidential

  52. Company Confidential

  53. Company Confidential

  54. Long Tail Analysis Strange activity can bubble to the surface when viewing the whole picture Company Confidential

  55. Company Confidential

  56. Company Confidential

  57. Taking it a Step Further…

  58. Additional Integration Alarming Trigger on Specific Watch List Hits Company Confidential

  59. Additional Integration Alarming Admin Tracking Company Confidential

  60. Additional Integration Alarming Admin Tracking Reporting Company Confidential

  61. Additional Integration Alarming Admin Tracking Reporting Automation Perform Actions Based on Alarms Observed Company Confidential

  62. Thank You! QUESTIONS? Greg Foss Sarah Miller Greg . Foss [at] LogRhythm . com SMiller [at] CarbonBlack . com @heinzarelli @beyazfar3 Company Confidential

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Vegetal Charcoal Vegetal Charcoal Vegetal Charcoal Vegetal Charcoal We, can make up with the

Vegetal Charcoal Vegetal Charcoal Vegetal Charcoal Vegetal Charcoal We, can make up with the

Vegetal Charcoal Vegetal Charcoal Vegetal Charcoal Vegetal Charcoal We, can make up with the name you want, as in this case we made for ARO Vegetal Charcoal From Venezuela Description: Charcoal obtained from wood of hard consistency from natural

540 views • 8 slides
Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage

Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage

TM TM Natural Charcoal T ablets Natural Charcoal Tablets Presenting TM Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings to you an exclusive range of

294 views • 16 slides
Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a

Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a

TM Natural Charcoal T ablets Smart Charcoal Tablets from Malaysia Presenting Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings to you

690 views • 16 slides
Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a

Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a

TM Natural Charcoal T ablets Premium Charcoal Tablets from Malaysia Presenting Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings

373 views • 16 slides
Investigation of Charcoal Production Methods Investigation of Charcoal Production Methods for

Investigation of Charcoal Production Methods Investigation of Charcoal Production Methods for

Investigation of Charcoal Production Methods Investigation of Charcoal Production Methods for Sajalices for Sajalices The Mangrove Charcoal Sustainability Engineers for Sajalices Wilbel Brewer (wjbrewer@mtu.edu) Aaron Cypher

365 views • 19 slides
Metallurgy and the Industrial Revolustion By: Tyler Linza Charcoal was originally used in

Metallurgy and the Industrial Revolustion By: Tyler Linza Charcoal was originally used in

Metallurgy and the Industrial Revolustion By: Tyler Linza Charcoal was originally used in smelting Although charcoal kinda worked, it didn t get as hot as coal Charcoal has a combustion temp of up to 1,300 degrees while coal has

213 views • 8 slides
The environm ental, econom ic and social co-benefits of charcoal substitution by bioethanol in

The environm ental, econom ic and social co-benefits of charcoal substitution by bioethanol in

The environm ental, econom ic and social co-benefits of charcoal substitution by bioethanol in Malaw i and Mozam bique Anne Wanjiru Nyambane ESPA FELLOW INCEPTION WORKSHOP-10 th July 2014-London I ntroduction Demand for charcoal is on the

273 views • 9 slides
Problems Our Solution: Green Charcoal Produced from agricultural waste 65% cheaper than

Problems Our Solution: Green Charcoal Produced from agricultural waste 65% cheaper than

Problems Our Solution: Green Charcoal Produced from agricultural waste 65% cheaper than charcoal from wood Burns cleaner and longer Usable in any cook stove Business Model Demand Exceeds Supply EFA is currently supply constrained

63 views • 5 slides
The best equipment For the charcoal production Impex Trading Production LLC has been

The best equipment For the charcoal production Impex Trading Production LLC has been

The best equipment For the charcoal production Impex Trading Production LLC has been manufacturing equipment for charcoal production since 2012 year. During this time our company has become the only company in the world that produces such an

272 views • 13 slides
Use of ac)vated CHARcoal in Poisoned Pa)ents (CHARPP Program)

Use of ac)vated CHARcoal in Poisoned Pa)ents (CHARPP Program)

Use of ac)vated CHARcoal in Poisoned Pa)ents (CHARPP Program) Maude St-Onge, Emmanuel Charbonney, Michal Chass, Guillaume Lacombe, Franois Lamontagne,

780 views • 43 slides
MICROSCOPY and ACTIVATED SLUDGE PROCESS CONTROL Mackenzie L. Davis MWEA Process Seminar

MICROSCOPY and ACTIVATED SLUDGE PROCESS CONTROL Mackenzie L. Davis MWEA Process Seminar

MICROSCOPY and ACTIVATED SLUDGE PROCESS CONTROL Mackenzie L. Davis MWEA Process Seminar November 2015 CREDITS Activated Sludge Microscopy Notes & Thoughts The ultimate objective of activated sludge microscopy is to identify

1.18k views • 60 slides
Soil Vapour Forum- Charcoal Tubes and Miscellaneous Sampling Methods Right solutions.

Soil Vapour Forum- Charcoal Tubes and Miscellaneous Sampling Methods Right solutions.

ANALYTICAL CHEMISTRY & TESTING SERVICES Soil Vapour Forum- Charcoal Tubes and Miscellaneous Sampling Methods Right solutions. presented by Kari Mulroy .Right partner ANALYTICAL CHEMISTRY & TESTING SERVICES Charcoal Tubes

565 views • 17 slides
Study of the infmuence of the intrinsic parameters of charcoal pellets and relative humidity on

Study of the infmuence of the intrinsic parameters of charcoal pellets and relative humidity on

Study of the infmuence of the intrinsic parameters of charcoal pellets and relative humidity on compressive strength and moisture adsorption Philippe Bernard HIMBANE PhD student Department of Physics University Assane Seck of Ziguinchor /

510 views • 19 slides
Treatment of Emerging Contaminants with Activated Persulfate Philip Block, PhD FMC Corporation

Treatment of Emerging Contaminants with Activated Persulfate Philip Block, PhD FMC Corporation

Treatment of Emerging Contaminants with Activated Persulfate Philip Block, PhD FMC Corporation Agenda Brief overview of persulfate chemistry PFOA and PFOS 1,4-dioxane Metals (mercury and arsenic) Activated Persulfate Chemistry

362 views • 25 slides
Critical density for Activated Random Walk Lorenzo Taggi Max Planck Institute for Mathematics in

Critical density for Activated Random Walk Lorenzo Taggi Max Planck Institute for Mathematics in

Critical density for Activated Random Walk Critical density for Activated Random Walk Lorenzo Taggi Max Planck Institute for Mathematics in the Sciences Leipzig, Germany June 24, 2014 1 Critical density for Activated Random Walk Outline 1

612 views • 29 slides
Introduction to REDD+ Plantations and Charcoal Production in Thailand 2014 JICA Training for

Introduction to REDD+ Plantations and Charcoal Production in Thailand 2014 JICA Training for

Economic and Climate Benefits from Utilization of Unused Farmlands for Eucalyptus Introduction to REDD+ Plantations and Charcoal Production in Thailand 2014 JICA Training for NAMA/MRV (Low Carbon City Planning) 2014 ISSAAS International Congress

699 views • 25 slides
Nitrification and Denitrification Urea is promptly hydrolyzed in sewers by an enzyme urease

Nitrification and Denitrification Urea is promptly hydrolyzed in sewers by an enzyme urease

SOURCES OF AMMONIA in Wastewaters 1. Urea a main component of urines is abundant in domestic sewage. Urea is a nitrogen organic compound with two amino groups: H 2 NCONH 2 Nitrification and Denitrification Urea is promptly hydrolyzed in sewers

106 views • 7 slides
CHAPTER 6 : CELL GROWTH KINETICS: BATCH & CONTINUOUS CULTURES [Page 133] Shuler, M. L. and

CHAPTER 6 : CELL GROWTH KINETICS: BATCH & CONTINUOUS CULTURES [Page 133] Shuler, M. L. and

By: Puan Nurul Ain Harmiza 1 CHAPTER 6 : CELL GROWTH KINETICS: BATCH & CONTINUOUS CULTURES [Page 133] Shuler, M. L. and Kargi. (2002). Bioprocess Engineering: Basic Concept. 2 nd Ed. Upper Saddle River, NJ: Prentice Hall PTR PTT203:

878 views • 84 slides
GINKGOMED COMPANY TEACHING SLIDES MICROBIOLOOGY MB01001 Bateria types:

GINKGOMED COMPANY TEACHING SLIDES MICROBIOLOOGY MB01001 Bateria types:

GINKGOMED COMPANY TEACHING SLIDES MICROBIOLOOGY MB01001 Bateria types: coccus, bacillus, spirillum; MB01011 smear. Proteus vuigaris, showing flagella, smear. MB01002 MB01012 Staphylococcus aureus, Gram+, smear. Clostridium

468 views • 4 slides
Backyard Composting By Shannon Choquette ECO AmeriCorps member, NEKWMD What is composting?

Backyard Composting By Shannon Choquette ECO AmeriCorps member, NEKWMD What is composting?

Backyard Composting By Shannon Choquette ECO AmeriCorps member, NEKWMD What is composting? Dictionary.com: A mixture of decayed organic matter used to fertilize soil. All organic materials will go through the process of decomposition. When

440 views • 10 slides
Emergency Medicine Topics Jahan Fahimi, MD, MPH Assistant Professor of Clinical Emergency

Emergency Medicine Topics Jahan Fahimi, MD, MPH Assistant Professor of Clinical Emergency

UCSF Family Medicine Board Review Emergency Medicine Topics Jahan Fahimi, MD, MPH Assistant Professor of Clinical Emergency Medicine University of California, San Francisco jahan.fahimi@ucsf.edu No financial disclosures Case 1 A 20 yo M

1.54k views • 109 slides
KamLAND Experience Masayuki Koga RCNS Tohoku University ANT11 Philadelphia Environment Rn

KamLAND Experience Masayuki Koga RCNS Tohoku University ANT11 Philadelphia Environment Rn

KamLAND Experience Masayuki Koga RCNS Tohoku University ANT11 Philadelphia Environment Rn concentration in the kamioka mine natural ventilation stable temperature ~15 degC enough water supply ~10 degC water appear at

165 views • 15 slides
Commissioning of LArGe Gas / Liquid A. Gangapshev M. Heisel A. Klimenko S. Schnert A.

Commissioning of LArGe Gas / Liquid A. Gangapshev M. Heisel A. Klimenko S. Schnert A.

Commissioning of LArGe Gas / Liquid A. Gangapshev M. Heisel A. Klimenko S. Schnert A. Smolnikov G. Zuzel GERDA Collaboration Meeting, 1 LNGS, 1-3 March 2010 GERDA Collaboration Meeting, LNGS, March 2010 Reminder: The LArGe Setup

145 views • 14 slides
Focus of todays lecture Electroreduction and indirect oxidation processes, and their use

Focus of todays lecture Electroreduction and indirect oxidation processes, and their use

4/25/2019 Dr. Ljiljana Rajic ELECTROCHEMICAL PROCESSES FOR WATER TREATMENT: ELECTROREDUCTION AND ELECTROSORPTION 1 Focus of todays lecture Electroreduction and indirect oxidation processes, and their use for groundwater treatment

321 views • 20 slides

More recommend