blockade io
play

Blockade.IO One-click browser defense Who Am I? VP of Product for - PowerPoint PPT Presentation

Jan 01, 2024 •440 likes •725 views

Blockade.IO One-click browser defense Who Am I? VP of Product for RiskIQ Former analyst focused on automation Creator of various security tools PassiveTotal (now with RiskIQ) - Analyst platform to research threats

  1. Blockade.IO One-click browser defense

  2. Who Am I? VP of Product for RiskIQ ● Former analyst focused on automation ● ● Creator of various security tools PassiveTotal (now with RiskIQ) - Analyst platform to research threats ○ HyperTotal - Virustotal submitter ID research ○ PDF X-RAY - Platform to analyze PDFs and collaborate ○ Various small scripts and other one-off tools ○ Coffee roaster ●

  3. One of the most dynamic ● applications bundled with operating systems Web Browsers Everybody has one

  4. One of the most dynamic ● applications bundled with operating systems Used by all audiences from least ● Web Browsers technical to most technical Everybody has one

  5. One of the most dynamic ● applications bundled with operating systems Used by all audiences from least ● Web Browsers technical to most technical Increasingly becoming more and ● more powerful with new Everybody has one functionality

  6. One of the most dynamic ● applications bundled with operating systems Used by all audiences from least ● Web Browsers technical to most technical Increasingly becoming more and ● more powerful with new Everybody has one functionality Act as a vehicle for most modern ● attacks

  7. Web Browsers Weaknesses Core technology stack and plug-ins ● Exploitation of the browser, plug-ins or both pose issues ○ Limited means to control where users go ● Requires hosted DNS, network interception or local agents ○ ● Serve as a vehicle for other attacks Inbound links from email, shows user a web page or auto-exploits ○ Offer up downloads that may contain malicious exploits ○ Difficult to understand what’s loaded as you browse ● Modern-day web pages make hundreds of requests to build a page ○ ○ Websites can dynamically change based on headers, location, etc. They are ingrained in our everyday lives ● We use web browsers so often, it’s hard to maintain a level of vigilance ○

  8. Personal ● User may have money stolen from ○ bank accounts or lose personal information ○ Files could be encrypted and held Attack Success for ransom Corporate ● Attack may pivot further into the ○ Impact is relative to the subject of corporate network and steal company assets the compromise Civil Society ● ○ User may reveal sensitive contacts Could result in detainment or worse ○

  9. Personal ● User may have money stolen from ○ bank accounts or lose personal information ○ Files could be encrypted and held Attack Success for ransom Corporate ● Attack may pivot further into the ○ Impact is relative to the subject of corporate network and steal company assets the compromise Civil Society ● ○ User may reveal sensitive contacts Could result in detainment or worse ○

  10. iPad Demo 10 This is a subtitle placeholder This is a feature This is a feature Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer non est in enim placerat varius. Maecenas tempus massa eget ex consequat, ut rhoncus urna dignissim. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer non Who’s worked with activists, journalists or NGOs? est in enim placerat varius. Maecenas tempus massa eget ex consequat, ut rhoncus urna dignissim. freegoogleslidestemplates.com FGST

  11. Details to Consider Compromises have real-world impacts (arrests, physical attack, etc.) ● Success may be getting location coordinates, gathering contacts or planting evidence in order to ○ create a set of false charges for detainment Total attack surface could simply be one individual, not an organization ● ○ This may involve a physical component as well (i.e. send message when user leaves) General lack of funding, technology resources, time, subject matter expertise ● Core focus is the mission - helping constituents ○ Education becomes a critical resource for defending against attacks ○

  12. Initial Problem Case The Citizen Lab was observing a high-rate of phishing attempts against Tibetan groups from suspected Chinese state-sponsored actors. Email accounts were being compromised and stolen data was reused to target and exploit close contacts. Awareness needed to be raised across multiple non-profits without any central technology contacts. ● Requirements for success Solution needed to be cross-platform as much as possible ○ Solution needed to require little-to-no change in user behavior ○ Solution needed to scale with little money or technology ○ Solution needed to allow for collaboration ○ Solution needed to block specific resources deemed malicious ○ Solution needed to send data back to a central location ○ Solution needed to be open source ○

  13. Several iterations later...

  14. Blockade.IO : Suite for Browser Defense Browser Extension that can install with one-click ● Automatically updates, allows for federated nodes, capable of blocking threats ○ Cloud Node that can run on micro VPS or via serverless infrastructure ● Can be stood up within minutes using docker or code checkout ○ Offers administrator API and analyst APIs to manage indicators ○ Analyst Tool Bench that can publish and interact with cloud nodes ● ○ Pre-hashes content sent to the cloud nodes to avoid data leaks Built-in screening and checks so whitelisted items aren’t blocked ○

  16. #1 Cloud nodes are installed locally or users gain access to public instances ● Malicious and suspicious indicators are stored inside of the nodes ● Analyst tool bench or admin API can be used to handle this ○ Indicators can be hashed by users or will be hashed when processed ● Avoids issues where someone doesn’t want to share a sensitive indicator ○ ○ No need for cloud nodes or extensions to understand the raw indicator

  17. #2 Browser extension is installed within the user’s web browser ● Extensions come default configured to use public cloud nodes, but others can be added ○ ○ Database sync is performed automatically Deployment can be controlled through GPOs or master preferences ○ ● Browsers get a copy of a hashed set of indicators If small enough, data is stored within local storage ○ If too big, data is stored in memory (checks in place to keep in sync) ○

  18. #3 Extension leverages exposed browser APIs to monitor traffic ● webRequest.onBeforeRequest is used to intercept all network requests prior any packet leaving the ○ web browser (includes DNS prefetch and asynchronous requests) Request resources are parsed, hashed and checked against the local database ● If there’s a match, communications are redirected to local pages advising the user of the resource ○ In the event the request is part of a website, a pop-up will notify the user ○

  20. #4 Details related to the blocking event are recorded and sent back to the cloud ● Optional email address can be included in order to get in contact with the user ○ ○ Allows analysts to investigate the threat further with context Built-in context menu that allows analysts to submit indicators while browsing ● Data is sent directly to the selected cloud node, processed and push back down to the extension ○

  21. Collection of data created by the extension and information collected from Chrome on the running environment. Note, the indicator is public in the payload since we obtained it via the network interception.

  22. Alternative Deployment Strategy

  23. Demo

  24. Isn’t this just Google Safe Browsing (GSB)? Yes, it’s similar, but with a few distinct benefits ● Blockade is open source and freely available to anyone Blockade is not backed by a product company ● You control the indicators, users, management, etc. ○ ● Blockade is targeted to only what’s in the database Blockade can feed data back to the operators ● Blockade requires nearly no change to user behavior to function ●

  25. State of the Project Presently in a beta state and used by a few targeted groups ● The Citizen Lab & Security Without Borders ○ Looking for more analysts to contribute targeted indicators via API ● Event data from browser hits will be shared and made available ○ ● Looking for analysts or organizations to host their own cloud node Potential alternative to deliver intelligence to users in near real-time ○ Looking for activists, journalists, and other volunteers for testing ● ● Looking for developers to assist Adding more capabilities for administrators and analysts ○ Porting the extension over to FireFox ○ Explore the Code: https://github.com/blockadeio/

  26. Getting Access Chrome Extension - https://github.com/blockadeio/chrome_extension ● Website - https://github.com/blockadeio/website ● ● Analyst Toolbench - https://github.com/blockadeio/analyst_toolbench Cloud Node - https://github.com/blockadeio/cloud_node ● Firefox Extension - Coming soon ● If you want to help, send mail to info@blockade.io or submit a pull request

  27. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PD-1/PD-L1 Blockade in NHL Carmelo Carlo-Stella, MD

PD-1/PD-L1 Blockade in NHL Carmelo Carlo-Stella, MD

PD-1/PD-L1 Blockade in NHL Carmelo Carlo-Stella, MD Department of Biomedical Sciences, Humanitas University, Rozzano, Italy Department of Oncology and

375 views • 16 slides
Ex Vivo Profiling of PD-1 Blockade Using Organotypic Tumor Spheroids Developing a Functional

Ex Vivo Profiling of PD-1 Blockade Using Organotypic Tumor Spheroids Developing a Functional

Ex Vivo Profiling of PD-1 Blockade Using Organotypic Tumor Spheroids Developing a Functional Precision Medicine Platform for Immuno-Oncology Russell W. Jenkins, MD PhD Clinical Fellow/Instructor Massachusetts General Hospital Cancer Center

326 views • 22 slides
Coulomb Blockade of Stochastic Permeation in Biological Ion Channels W.A.T. Gibby 1 I.Kh. Kaufman

Coulomb Blockade of Stochastic Permeation in Biological Ion Channels W.A.T. Gibby 1 I.Kh. Kaufman

Outline Coulomb Blockade of Stochastic Permeation in Biological Ion Channels W.A.T. Gibby 1 I.Kh. Kaufman 1 D.G. Luchinsky 1 , 2 .V.E. McClintock 1 R.S. Eisenberg 3 P 1 Department of Physics, Lancaster University, UK 2 Mission Critical

697 views • 21 slides
Effect of Angiotensin II Type I Receptor Blockade on Carotid Artery Atherosclerosis: A Double

Effect of Angiotensin II Type I Receptor Blockade on Carotid Artery Atherosclerosis: A Double

Effect of Angiotensin II Type I Receptor Blockade on Carotid Artery Atherosclerosis: A Double Blind Randomized Clinical Trial Comparing Valsartan and Placebo The EFFERVESCENT Study Ronnie Ramadan , Ayman Khoder, Saurabh S. Dhawan, Jos N

407 views • 23 slides
Quantum Transport through Coulomb-Blockade Systems Bj orn Kubala Institut f ur

Quantum Transport through Coulomb-Blockade Systems Bj orn Kubala Institut f ur

Quantum Transport through Coulomb-Blockade Systems Bj orn Kubala Institut f ur Theoretische Physik III Ruhr-Universit at Bochum COQUSY06 p.1 Overview Motivation Single-electron box/transistor Coupled single-electron

287 views • 26 slides
The bright side of Coulomb blockade: Radiation from a Josephson junction in the single Cooper

The bright side of Coulomb blockade: Radiation from a Josephson junction in the single Cooper

The bright side of Coulomb blockade: Radiation from a Josephson junction in the single Cooper pair regime Max Hofheinz, Fabien Portier, Carles Altimiras, Patrice Roche, Philippe Joyez, Patrice Bertet, Denis Vion, Daniel Estve Quantronics +

710 views • 36 slides
Aldo sterone Receptor Blockade in D iastolic H eart F ailure The Aldo-DHF Trial Frank Edelmann,

Aldo sterone Receptor Blockade in D iastolic H eart F ailure The Aldo-DHF Trial Frank Edelmann,

ESC Munich, Aug 26, 2012 Hot Line I Press Conference Aldo sterone Receptor Blockade in D iastolic H eart F ailure The Aldo-DHF Trial Frank Edelmann, M.D., Rolf Wachter, M.D., Albrecht Schmidt, M.D., Elisabeth Kraigher- Krainer,M.D., Caterina

521 views • 8 slides
New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head and Neck Area Coordinator Department of Oncology, Division of Experimental Medicine, San Raffaele Scientific Institute Heterogeneous acquired

288 views • 26 slides
The breakdown of photon blockade: a fjrst-order dissipative quantum phase transition cloud-based

The breakdown of photon blockade: a fjrst-order dissipative quantum phase transition cloud-based

The breakdown of photon blockade: a fjrst-order dissipative quantum phase transition cloud-based simulation of open quantum systems Andrs Vukics Wigner Research Centre for Physics, Budapest GPU Day 2020 Budapest, 20 October 2020 Quantum

554 views • 29 slides
Sugammadex versus conventional neuromuscular blockade reversal on surgical throughput times: a

Sugammadex versus conventional neuromuscular blockade reversal on surgical throughput times: a

Sugammadex versus conventional neuromuscular blockade reversal on surgical throughput times: a retrospective review David Gajewski, PharmD PGY1 Resident david.gajewski@hcamidwest.com Research Medical Center Research Medical Center

159 views • 11 slides
Current through a very small conductor nano HUB .org online simulations and more 2 /

Current through a very small conductor nano HUB .org online simulations and more 2 /

CQT Lecture #4 nano HUB .org online simulations and more Unified Model for U: Self-consistent Quantum Transport CQT, Lecture#4: Field (SCF) Coulomb blockade and Fock space Far from Equilibrium Objective: s To illustrate the limitations

281 views • 25 slides
Therapeutic Approaches to Chronic Kidney DiseaseBeyond the RAS Despite improvements in

Therapeutic Approaches to Chronic Kidney DiseaseBeyond the RAS Despite improvements in

Therapeutic Approaches to Chronic Kidney DiseaseBeyond the RAS Despite improvements in glycemia and BP control, and the efficacy of RAS blockade, a substantial number of patients will progress to ESRD. This finding is consistent

543 views • 12 slides
YES Antonio M. Risitano, M.D., Ph.D. Hematology Department of Biochemistry and Medical

YES Antonio M. Risitano, M.D., Ph.D. Hematology Department of Biochemistry and Medical

The 1st World Congress on Controversies in Hematology Rome, September 4th Do the benefits of complement blockade extend to all patients with PNH clone? YES Antonio M. Risitano, M.D., Ph.D. Hematology Department of Biochemistry and Medical

501 views • 29 slides
1 Nigrostriatal pathway EPSs Stahl S M, Essential 11-4 Psychopharmacology (2000) Blockade of

1 Nigrostriatal pathway EPSs Stahl S M, Essential 11-4 Psychopharmacology (2000) Blockade of

M1 1 H1 conventional antipsychotic drug D2 Stahl S M, Essential 11-7 Psychopharmacology (2000) pure D2 blocker Stahl S M, Essential 11-2 Psychopharmacology (2000) Mesocortical pathway Increase in negative symptoms Stahl S M,

443 views • 7 slides
CUBAN SPECIAL PERIOD DURING PEACETIME EFFECTS ON CUBAN AGRICULTURE AND HEALTH David

CUBAN SPECIAL PERIOD DURING PEACETIME EFFECTS ON CUBAN AGRICULTURE AND HEALTH David

CUBAN SPECIAL PERIOD DURING PEACETIME EFFECTS ON CUBAN AGRICULTURE AND HEALTH David Shatto HISTORY PEAK OIL TREND ARTIFICIAL NUMBERS 18 Began in 1991 Dissolution of USSR 13.5 Economic Blockade of Cuba by US Ships

314 views • 29 slides
America Joins the Fight: World War I 1917-1918 United States Neutrality throughout the early

America Joins the Fight: World War I 1917-1918 United States Neutrality throughout the early

America Joins the Fight: World War I 1917-1918 United States Neutrality throughout the early days of the war (1914-17), the US continued to trade with both sides blockade the British imposed a _________________ against Germany and expanded

174 views • 5 slides
BUSINESS MODEL APRIL 30, 2014 Jim Sullivan TRANSFORMING YOUR BUSINESS THROUGH IMPACT

BUSINESS MODEL APRIL 30, 2014 Jim Sullivan TRANSFORMING YOUR BUSINESS THROUGH IMPACT

TRANSFORMING THE BUSINESS MODEL APRIL 30, 2014 Jim Sullivan TRANSFORMING YOUR BUSINESS THROUGH IMPACT EVALUATION How does LEO work? Rigorous research Randomized controlled trials (RCTs) Natural Experiments Connecting

811 views • 40 slides
CSE 154 LECTURE 5: FLOATING AND POSITIONING The CSS float property property description float

CSE 154 LECTURE 5: FLOATING AND POSITIONING The CSS float property property description float

CSE 154 LECTURE 5: FLOATING AND POSITIONING The CSS float property property description float side to hover on; can be left, right, or none (default) a floating element is removed from normal document flow underlying text wraps around

477 views • 15 slides
AREF The Wellness Trend Wednesday 1 st May 2019 Slido.com - ref: #H131 Proudly sponsored by:

AREF The Wellness Trend Wednesday 1 st May 2019 Slido.com - ref: #H131 Proudly sponsored by:

To ask questions during this event please search Slido.com into your web-browser and enter the code #H131 AREF The Wellness Trend Wednesday 1 st May 2019 Slido.com - ref: #H131 Proudly sponsored by: Welcome Tom Pinnell Chair of the AREF

589 views • 32 slides
The I VOA Architecture Christophe Arviset (ESA/ ESAC) Head of the Science Archives and Computer

The I VOA Architecture Christophe Arviset (ESA/ ESAC) Head of the Science Archives and Computer

The I VOA Architecture Christophe Arviset (ESA/ ESAC) Head of the Science Archives and Computer Engineering Unit Science Operations Department Chair of the IVOA Technical Coordination Group ADASS XXI, Paris, 8 th November 2011 I VOA

400 views • 19 slides
Bounded-Loss Private Prediction Markets Rafael Frongillo University of Colorado, Boulder Neural

Bounded-Loss Private Prediction Markets Rafael Frongillo University of Colorado, Boulder Neural

Bounded-Loss Private Prediction Markets Rafael Frongillo University of Colorado, Boulder Neural Information Bo Waggoner Microsoft Research, NYC Processing Systems, December 2018 1 / 74 Prediction markets prediction p (0) learning

302 views • 16 slides
The Learning Problem and Regularization Tomaso Poggio 9.520 Class 02 February 2011 Tomaso

The Learning Problem and Regularization Tomaso Poggio 9.520 Class 02 February 2011 Tomaso

The Learning Problem and Regularization Tomaso Poggio 9.520 Class 02 February 2011 Tomaso Poggio The Learning Problem and Regularization About this class Theme We introduce the learning problem as the problem of function approximation from

862 views • 51 slides
Probabilistic Graphical Models David Sontag New York University Lecture 12, April 23, 2013

Probabilistic Graphical Models David Sontag New York University Lecture 12, April 23, 2013

Probabilistic Graphical Models David Sontag New York University Lecture 12, April 23, 2013 David Sontag (NYU) Graphical Models Lecture 12, April 23, 2013 1 / 24 What notion of best should learning be optimizing? This depends on what

461 views • 24 slides
Follow the Leader with Dropout Perturbations Tim van Erven COLT, 2014 Joint work with: Wojciech

Follow the Leader with Dropout Perturbations Tim van Erven COLT, 2014 Joint work with: Wojciech

Follow the Leader with Dropout Perturbations Tim van Erven COLT, 2014 Joint work with: Wojciech Kotowski Manfred Warmuth Neural Network Neural Network Dropout Training Stochastic gradient descent Randomly remove every hidden/input

442 views • 20 slides

More recommend