Jasper Bongertz, Airbus CyberSecurity @packetjay Scanning for - PowerPoint PPT Presentation

Sep 16, 2023 •292 likes •380 views

Jasper Bongertz, Airbus CyberSecurity @packetjay Scanning for network IoCs is relatively easy: use an IDS/IPS snort, suricata, commercial appliances Perform live traffic analysis, or from PCAPs @packetjay IDS scan can easily result

Jasper Bongertz, Airbus CyberSecurity @packetjay
Scanning for network IoCs is relatively easy: use an IDS/IPS snort, suricata, commercial appliances Perform live traffic analysis, or from PCAPs @packetjay
IDS scan can easily result in tons of alerts Alerts are often spread over hundreds of PCAPs, containing millions of packets Main challenge : alerts usually contain info about the matching packet only @packetjay
[**] [1:2101201:11] GPL WEB_SERVER 403 Forbidden [**] [Classification: Attempted Information Leak] [Priority: 2] 06/04-02:09:08.142211 81.209.179.120:80 -> 142.4.215.116:56182 TCP TTL:55 TOS:0x14 ID:19599 IpLen:20 DgmLen:412 DF ***A**** Seq: 0xD5D42DAC Ack: 0x3C270191 Win: 0xA580 TcpLen: 32 The newer unified2 format is a binary format, which does not contain the rule name (just the SID, e.g. 1:2101202:11) @packetjay
The challenge is to get the full attack/alert context, e.g. the whole TCP conversation Searching in Wireshark using display filters: Yup, it‘s possible of course but it‘s no fun and it‘s slooooooooow Even with tshark scripting: running over all files again and again for each conversation is not efficient @packetjay
TraceWrangler: www.tracewrangler.com Mail: jasper@packet-foo.com Blog: blog.packet-foo.com Twitter: @packetjay @packetjay

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Speech to RIOT Jasper, how is the temperature? Jasper, re-order paper towels. Jasper, set a

Jasper, turn on the fan. Jasper, what's on my calendar today? Speech to RIOT Jasper, how is the temperature? Jasper, re-order paper towels. Jasper, set a timer for 20 minutes. Jasper, play music. Speech to RIOT

509 views • 14 slides

Auditors presentation AGM 16 April 2020 of Airbus SE Introduction and overview Airbus SE

Auditors presentation AGM 16 April 2020 of Airbus SE Introduction and overview Airbus SE Ernst & Young Accountants LLP Scope 2019 Consolidated financial statements plus notes thereto True and fair view: Independent

272 views • 5 slides

ABOUT JASPER CONRAN Jasper Conran, OBE, is a British designer. Having trained at Parsons School

ABOUT JASPER CONRAN Jasper Conran, OBE, is a British designer. Having trained at Parsons School of Design in New York, Jasper Conran produced his fjrst womenswear collection in 1978 and was a founding member of the London Designer Collections

469 views • 30 slides

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides

Mars Climate Orbiter Shooting Down of Airbus 320 Purpose: to relay signals 1988 from the

Mars Climate Orbiter Shooting Down of Airbus 320 Purpose: to relay signals 1988 from the Mars Polar US Vicennes shot down Airbus 320 Lander once it reached the surface of the planet Mistook airbus 320 for a F-14 Disaster:

282 views • 9 slides

New Technology Platform Jasper Display Corp. Jasper Display Corp. Confidential Confidential

Jasper Display Corp. New Technology Platform Jasper Display Corp. Jasper Display Corp. Confidential Confidential Page 1 Page 1 BLUE OCEAN STRATEGY Optics & Materials couple electronics, mechanics, productization and mass production

526 views • 25 slides

AIRBUS INVESTOR MEETING LE BOURGET AIRSHOW 2019 Dirk Hoke Chief Executive Officer Airbus

AIRBUS INVESTOR MEETING LE BOURGET AIRSHOW 2019 Dirk Hoke Chief Executive Officer Airbus Defence and Space MARKET ENVIRONMENT We must take charge of Europes destiny, says Chancellor WHERE WE COME FROM Improved Programme Management

332 views • 9 slides

Airbus A380 Airfield Preparedness Prepared for: Citizens Transportation Advisory Committee

Airbus A380 Airfield Preparedness Prepared for: Citizens Transportation Advisory Committee May 25, 2011 Airbus A380 in MIA On March 31, 2011, Lufthansa announced that it will commence daily Airbus A380 service to Miami from

699 views • 40 slides

WHO WE ARE OUR FLEET Interjet fleet Airbus A320 (47 ceo & 3 neo) 50 150 passengers Airbus

WHO WE ARE OUR FLEET Interjet fleet Airbus A320 (47 ceo & 3 neo) 50 150 passengers Airbus A321 (6 ceo & 6 neo) 12 192 passengers SSJ100 22 93 passengers DESTINATIONS Mexico ROUTES MEXICO ACA-MEX BJX-CUN CJS-MEX CUL-TIJ

574 views • 26 slides

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH - BODY SCANNING - REAL-TIME INTEGRATION MODELLING/TEXTURING - LIGHTING + RENDERING - CAMERA ANIMATION - MODELLING - HEAD TRACKING -

728 views • 42 slides

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides

Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

3/12/20 Cases & Straps Mounts, stands, clamps. Types of Scanning 1 Switch Automatic Step/Dwell Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan) Switches SG SGD Sc Scan an

270 views • 4 slides

Why the dynamic Operator Training Simulator proofs to be an Indispensable Tool Jasper Rutten

Why the dynamic Operator Training Simulator proofs to be an Indispensable Tool Jasper Rutten Huntsman Henk Leegwater OTS Twitter Conference Hashtag: #EMRex Presenters Jasper Rutten Henk Leegwater Introduction Jasper Rutten

959 views • 56 slides

Quantum Computing & Experience with D-Wave system Dr. Thierry Botter 12 April 2018 We are a

Airbus perspective on Quantum Computing & Experience with D-Wave system Dr. Thierry Botter 12 April 2018 We are a worldwide leader in aeronautics, space and related services : We make it fly! Airbus by numbers (end of 2017) Airbus

404 views • 13 slides

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR Scanning Overview Scanning background Applications Strengths Weaknesses Scanning Examples Fisher Associates LiDAR = light

610 views • 20 slides

EPICS Base R3.14.11, Whats Next? Andrew Johnson Argonne National Laboratory Base R3.14.11

EPICS Base R3.14.11, Whats Next? Andrew Johnson Argonne National Laboratory Base R3.14.11 Final Release made on August 28 th EPICS Meeting at ICALEPCS 2009 2 Base R3.14.11 Final Release made on August 28 th Bugs fixed:

640 views • 16 slides

Introduction to Symbolic Dynamics Part 3: Sofic shifts Silvio Capobianco Institute of

Introduction to Symbolic Dynamics Part 3: Sofic shifts Silvio Capobianco Institute of Cybernetics at TUT April 28, 2010 Revised: May 11, 2010 ioc-logo Silvio Capobianco (Institute of Cybernetics at TUT) April 28, 2010 1 / 42 Overview

651 views • 42 slides

Optimal Control Solution Mode 1: Training example Cost Map 2-D Learning Planner Y (Path to

11/22/16 X X Learning Y Y (Sensor Data) (Input) (Output) (Path to goal) CSE 571 Inverse Optimal Control (Inverse Reinforcement Learning) Many slides by Drew Bagnell Carnegie Mellon University Optimal Control Solution Mode 1: Training

191 views • 7 slides

Autonomous Navigation CSE 571 Inverse Optimal Control (Inverse Reinforcement Learning) Many

5/25/20 Autonomous Navigation CSE 571 Inverse Optimal Control (Inverse Reinforcement Learning) Many slides by Drew Bagnell Carnegie Mellon University 1 2 Optimal Control Solution X X Learning Y Y Cost Map (Sensor Data) (Input)

489 views • 10 slides

Institute of Coding A brief introduction Overview Concept announced by George Osborne Nov 2015

Institute of Coding A brief introduction Overview Concept announced by George Osborne Nov 2015 Contest launched HEFCE March 2017 (somehow morphed to England) Announced by Prime Minister, Davos Jan 2018 Consortium of

247 views • 20 slides

PANDA PV archiving Alexandru Mario Bragadireanu, Particle Physics Department, IFIN-HH M gurele

PANDA PV archiving Alexandru Mario Bragadireanu, Particle Physics Department, IFIN-HH M gurele PANDA DCS core group meeting, 08 February 2018, e-Zuce PANDA DCS Architecture HESR <-> PANDA magnets -> Experiment services <->

373 views • 19 slides

Annual Report 27 APRIL 2020 Purposes of the 2019 Annual Report SUMMARIZE FINDINGS SOURCE OF

2019 IOC Annual Report 27 APRIL 2020 Purposes of the 2019 Annual Report SUMMARIZE FINDINGS SOURCE OF PUBLIC SUMMARIZE PROJECTS OF THE 2019 AUDIT INFORMATION ABOUT FUNDED WITH SURTAX PURPOSE OF SURTAX DOLLARS IN YEAR 1 Feedback Provided

430 views • 12 slides

State Notation Language and the Sequencer Andrew Johnson APS Engineering Support Division

State Notation Language and the Sequencer Andrew Johnson APS Engineering Support Division October 18th, 2006 SNS EPICS Training Outline What is State Notation Language (SNL) Where it fits in the EPICS toolkit Components of a state

549 views • 38 slides