clearing the brush lessons learned in gutting a cirt and
play

Clearing the Brush: Lessons Learned in Gutting a CIRT and Rebuilding - PowerPoint PPT Presentation

Jan 22, 2023 •30 likes •410 views

Clearing the Brush: Lessons Learned in Gutting a CIRT and Rebuilding with Free Tools Mike La Pilla Slide Warning These are draft slides, not the ones presented Most images have been removed from draft If you are reading these you

  1. Clearing the Brush: Lessons Learned in Gutting a CIRT and Rebuilding with Free Tools Mike La Pilla

  2. Slide Warning • These are draft slides, not the ones presented • Most images have been removed from draft • If you are reading these you should check the FIRST portal for the latest ones

  3. About This Presentation • Everyone Has Their Own Take • Plenty of Papers on This Subject • Focus on Building 10 Essential Tools/Systems – Preferably without spending money

  4. If You Want Organization and Structure • http://first.org/resources/guides/ – CSIRT Setting up Guide – CERT-in-a-box • http://www.sans.org/reading_room/whitepap ers/incident/ • Also stuff on Auscert, CERT/CC, GFIRST, etc

  5. Past vs Present

  6. Past vs Present

  7. Preparation by Preservation • Picture of frozen hard drive

  8. Preparation by Obliteration • Picture of Bar

  9. Know Your Scope • Areas of Response • Actions Allowed • Contact List

  10. Know Your People

  11. Beware of Certifications

  12. Attack Categories

  13. 10 Systems You Need To Build

  14. 1: Automatic Malware Analysis System • Purpose: Automatically process malware samples • Recommended Features: Fast, Exe and DLL, Memory Dumps

  15. 1: Automatic Malware Analysis System

  16. 1: Automatic Malware Analysis System

  17. 2: Automatic JS Analyzer • Purpose: Unpack/Analyze/Interpret Javascript • Recommended Capabilities: Network replay, live site analysis, copy and paste

  18. 2: Automatic JS Analyzer

  19. 3: Automatic Document Analyzer • Purpose: Analyze non-executable documents • Recommended Capabilities: Exploit matching, decompression, javascript/flash parsing

  20. 3: Automatic Document Analyzer

  21. 4: Document Database • Purpose: Archive documents • Recommended Capabilities: Store name, file properties, metadata, link malware info

  22. 4: Document Database

  23. 5: Malware Repository • Purpose: Store malware • Recommended Capabilities: Search, store properties, link to other systems

  24. 5: Malware Repository

  25. 6: IP and Hostname Tracker • Purpose: Track network information over time • Recommended Capabilities: Passive DNS, active checking, search, ASN, GeoIP

  26. 6: IP and Hostname Tracker

  27. 7: Forensics System/Lab • Purpose: Forensic analzye drives, memory • Recommended Capabilities: Scanning, automation, hashing

  28. 7: Forensics System/Lab

  29. 8: Image Repository • Purpose: Replicate machines in production environment

  30. 8: Image Repository

  31. 9: Tiny Tools Server • Purpose: Collection of scripts and tools that increase efficiency

  32. 9: Tiny Tools Server

  33. 10: Documentation Portal • Purpose: Self-explanatory Recommended Capabilities: Revisions, author tracking

  34. 10: Documentation Portal

  35. Final Workflow Diagram

  36. Questions? • mlapilla@netcentrics.com

  37. References

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
CIRT C ritical I ncident R esponse T eam What is CIRT? CIRT is the Critical Incident Response Team

CIRT C ritical I ncident R esponse T eam What is CIRT? CIRT is the Critical Incident Response Team

CIRT C ritical I ncident R esponse T eam What is CIRT? CIRT is the Critical Incident Response Team and is comprised of a multidisciplinary group of employees who have volunteered to respond when critical incident stress management (CISM)

466 views • 22 slides
Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background SEP 2002 Davis-Besse Lessons Learned Task Force AUG 2004 - Effectiveness Review Lessons Learned Task Force JAN 2005 - EDO Charters

269 views • 22 slides
OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned Jobsite Safety and Health Inspections/Audits better known as; PAPER WORK You hate it, Your safety director requires it, OSHA loves it, Does it

926 views • 35 slides
3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the Spanish Registry: Lessons Learned from the Registries o Is It possible (and worthy) to do a national registry? Lessons learned from the o

1.16k views • 43 slides
DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD ABOUT ME ABOUT ME maya@NetBSD.org coypu@sdf.org NetBSD/pkgsrc for the last 3 years THIS TALK THIS TALK Mix of a bunch of bugs Not solo work

695 views • 31 slides
TWO-GANTRY, FIVE-BRUSH MACHINES Objective NET.5 is a 2-gantry, 5-brush machine remarkable

TWO-GANTRY, FIVE-BRUSH MACHINES Objective NET.5 is a 2-gantry, 5-brush machine remarkable

TWO-GANTRY, FIVE-BRUSH MACHINES Objective NET.5 is a 2-gantry, 5-brush machine remarkable because of its high technological content; it was conceived and constructed to develop a brush washing concept unique in its class. New look The

343 views • 18 slides
1.- How does clearing work? 1 CCP clearing Actors involved Actions Client An

1.- How does clearing work? 1 CCP clearing Actors involved Actions Client An

1.- How does clearing work? 1 CCP clearing Actors involved Actions Client An undertaking with a Provides Initial Margin (IM) to the contractual relationship with a clearing Client1 Client2 ClientN Clearing Member (CM)

687 views • 19 slides
Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda Introduction What are Lessons Learned? Value to the Project Process and Organization Keanes Approach to Lessons Learned Keys to

261 views • 24 slides
UNIVERSITY CLEARING 2020 What is clearing? Clearing is how Universities and colleges fill

UNIVERSITY CLEARING 2020 What is clearing? Clearing is how Universities and colleges fill

UNIVERSITY CLEARING 2020 What is clearing? Clearing is how Universities and colleges fill any places they still have on their courses. On average there are 35,000 courses available through clearing. Clearing opened on the 6 th July

363 views • 8 slides
Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted

Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted

Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted Pincock, Carolyn Bouchard Joanne Archer Outline: 1) Common Themes 2) The Event and lessons learned: Spanish Influenza 1918 SARS

417 views • 38 slides
Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss

Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss

Beijing International Finance Forum Chairman Junichi Ujiie 2004/05/19 Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss the lessons to be learned from Japans NPL problems: first, the disposal

344 views • 3 slides
Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill

Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill

Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill Cornell Medical College, New York Presbyterian Hospital Past participation in Team Science Period Period Type of grant Type of grant Role in Grant

380 views • 20 slides
VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and

VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and

VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and Universities Todays session Overview of the MSC Scoring and reporting Lessons learned as related to validity Unintended consequences?

661 views • 40 slides
MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES

MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES

MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES SAKO G. . Oumar CONTENTS I. Context II. Assessment and lessons learned from implemention of MDGs III. Domestication/contextaulisation of SDGs

151 views • 12 slides
FACILITATED BY: Robin Booth, CPA 2 Training Topics Lessons Learned Best Practices

FACILITATED BY: Robin Booth, CPA 2 Training Topics Lessons Learned Best Practices

Office of Housing Counseling Best 9/20/2016 Practices/Lessons Learned - LHCAs U.S. Department of Housing and Urban Development Office of Housing Counseling Best Practices/Lessons Learned LHCAs September 20, 2016 12:00 PM Eastern Standard

569 views • 9 slides
Defeat the Disruption of Assessment at a Distance: Too Much Data, Not Enough Time Alejandra

Defeat the Disruption of Assessment at a Distance: Too Much Data, Not Enough Time Alejandra

Defeat the Disruption of Assessment at a Distance: Too Much Data, Not Enough Time Alejandra Zertuche , MBA, MS Founder and CEO Enflux Dr. Annesha White , PharmD, MS, PhD Associate Dean for Assessment & Accreditation University of North

439 views • 14 slides
Yasunori Nomura UC Berkeley; LBNL Particle physics Try to understand fundamental laws in

Yasunori Nomura UC Berkeley; LBNL Particle physics Try to understand fundamental laws in

Yasunori Nomura UC Berkeley; LBNL Particle physics Try to understand fundamental laws in nature Conventional view / focus energy frontier E Quantum gravity / string theory? Fundamental physics Grand unification? New TeV

698 views • 26 slides
THEIR EFFECTIVE PHYSICS Denis Klevers University of Pennsylvania "New Ideas at the

THEIR EFFECTIVE PHYSICS Denis Klevers University of Pennsylvania "New Ideas at the

F-THEORY FLUXES & THEIR EFFECTIVE PHYSICS Denis Klevers University of Pennsylvania "New Ideas at the Interface of Cosmology and String Theory 17 of March, 2012 Based on: T.W. Grimm, M. Poretschkin, D.K.: arXiv:1202.0285

466 views • 21 slides
t

t

t r sttt rt Pss rst

467 views • 15 slides
Prst r t

Prst r t

Prst r t ttr r rs ttrsrrs

470 views • 42 slides
Improving CG-CAHPS in an Academic Medical Center Rick Evans, MA Senior Vice President &

Improving CG-CAHPS in an Academic Medical Center Rick Evans, MA Senior Vice President &

Improving CG-CAHPS in an Academic Medical Center Rick Evans, MA Senior Vice President & Chief Experience Officer Strategies for Improving CAHPS Clinician & Group (CG-CAHPS) Survey Scores A Webcast Presented by the AHRQ CAHPS User

801 views • 10 slides
Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study. IETF 89 LONDRES MARCH 2014 Fabin Meja Why and who? BGP origin validation based on RPKI is in early stages of deployment. It is necessary to

314 views • 13 slides
Interaction Vertex Imaging (IVI) for carbon ion therapy monitoring a feasibility study E. Testa 1

Interaction Vertex Imaging (IVI) for carbon ion therapy monitoring a feasibility study E. Testa 1

Ion range verification Interaction Vertex Imaging principles Simulation tools Results Conclusion and perspectives Interaction Vertex Imaging (IVI) for carbon ion therapy monitoring a feasibility study E. Testa 1 , D. Dauvergne 1 , G. Dedes 1

391 views • 16 slides

More recommend