Upload File

hiding in plain sight – protect against bad hashes

  • Home
  • Technology
  • Hiding In Plain Sight – Protect Against Bad Hashes
16
Hiding in Plain Sight: Protect Against Bad Hashes

Upload: tripwire

Post on 14-Aug-2015

240 views

Category:

Technology


0 download

Report

Tags:

TRANSCRIPT

Page 1: Hiding In Plain Sight – Protect Against Bad Hashes

Hiding in Plain Sight: Protect Against Bad Hashes

Page 2: Hiding In Plain Sight – Protect Against Bad Hashes

2

Presenters

Dave Meltzer, Chief Research Officer,

Tripwire

Dayne Cantu, Sr. Systems Engineer, Federal Team Lead,

Tripwire

Page 3: Hiding In Plain Sight – Protect Against Bad Hashes

3

What Happens When You Receive an IoC?

Page 4: Hiding In Plain Sight – Protect Against Bad Hashes

4

Guidance For ActionNIST SP800-150 Draft

Page 5: Hiding In Plain Sight – Protect Against Bad Hashes

5

Headed Towards Standards

Page 6: Hiding In Plain Sight – Protect Against Bad Hashes

6

But Not There Yet…E-mail is the most common source of indicators today

Page 7: Hiding In Plain Sight – Protect Against Bad Hashes

7

Advanced Malware Identification – Identify advanced threats on high risk assets through integration to malware analytics services and appliances using sandbox technology

Monitoring for Peer & Community Sourced IoCs – Automate the forensics investigation and proactive monitoring on high risk assets of indicators of compromise sourced from industry peers and community sources

Monitoring for Commercial Threat Intelligence Service IoCs – Automate the forensics investigation and proactive monitoring on high risk assets of indicators of compromise sourced from tailored commercial threat intelligence services

Use Cases for Threat Intelligence

Page 8: Hiding In Plain Sight – Protect Against Bad Hashes

Use Case 1: Monitoring for Commercial Threat Intelligence Services IoCs

!

THREATDETECTED!

3

NEW INDICATORS1

Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes.

2

Drive workflow to investigateand remediate system.

4

Threat Intelligence

Provider

Page 9: Hiding In Plain Sight – Protect Against Bad Hashes

Use Case 2: Monitoring for Peer and Community Sourced IoCs

!

THREATDETECTED!

4

IndicatorsFeed

2

Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes.

3

EnterpriseTAXII Server

PeerTAXII Server

Open Source IntelligenceTAXII Server

ISAC CommunityTAXII Server

Drive workflow to investigateand remediate system.

5

Indicators Feed1Local File Sources

(Flat, CSV, etc)

Page 10: Hiding In Plain Sight – Protect Against Bad Hashes

Use Case 3: Advanced Malware Identification

Next Generation Threat Prevention

Tripwire Enterprise

Agent NEW BINARYFOUND

1

SEND FILE/HASHFOR ANALYSIS

2

!

THREATDETECTED!

3

NEW ADVANCED

THREAT DETECTED

4

Drive workflow to investigateand remediate system.

5

UPDATE THREATPREVENTION RULES

6

Real-time blocking of command & control, exfiltration, and further infections.

7

Cloud or Appliance Sandbox Analytics

Page 11: Hiding In Plain Sight – Protect Against Bad Hashes

11

Page 12: Hiding In Plain Sight – Protect Against Bad Hashes

12

Page 13: Hiding In Plain Sight – Protect Against Bad Hashes

13

Page 14: Hiding In Plain Sight – Protect Against Bad Hashes

14

Page 15: Hiding In Plain Sight – Protect Against Bad Hashes

15

Tripwire Technology Alliance Partner EcosystemANALYTICS & SIEM IT SERVICE MANAGEMENT NERC ALLIANCE NETWORK

NETWORK SECURITY

PLATFORM PARTNERS

SECURITY COMMUNITY PARTNERS

IDENTITY MANAGEMENT

THREAT INTELLIGENCE

Page 16: Hiding In Plain Sight – Protect Against Bad Hashes

tripwire.com | @TripwireInc

Thank you


Hiding in Plain Sight Gender and GM crops

Maria Dakake - Hiding in Plain Sight

Hiding In Plain Sight - Segmenting and Prospect Profiling

daviskinderdaisies.weebly.com  · Web viewGo on a sight word scavenger hunt by hiding flashcards around the house. Scavenger Hunt. Go on a sight word scavenger hunt by hiding flashcards

Threat Insight: Hiding in Plain Sight - Obfuscation Techniques in

Million Hearts: Hiding in Plain Sight Initiative

Hiding in plain sight

Ideas & Issues (MCIsRe/OIe) Hiding in Plain Sight

Hiding in Plain Sight - Service Innovation

CodeStock14: Hiding in Plain Sight

Hiding in Plain Sight - California State University ...csun.edu/sites/default/files/vnr-vpi-actionpaper.pdf1 – Hold an annual conference, perhaps sub-titled “Hiding in Plain Sight

Punk Ode: Hiding Shellcode in Plain Sight Ode Hiding Shellcode in Plain Sight ... Reading symbols from shared object read from target memory ... the time the victim was exploited

11 Digital Dangers Hiding in Plain Sight

Hiding in Plain Sight!

Hiding Data in “Plain Sight” Computer Forensics BACS 371

Hiding in Plain Sight - Public Interactivemediad.publicbroadcasting.net/p/vpr/files/201501/... · Hiding in Plain Sight: ... But in the 21st century, gun-owning Vermonters also go

HIDING IN PLAIN SIGHT: THE UNTAPPED POTENTIAL OF …€¦ · 4 | Hiding in Plain Sight: The Untapped Potential of Emerging Market Small Caps RBC GAM Fundamental Series Relative Value

Hiding in Plain Sight - Open Room in Plain Sight... · The Evolution of Your Network 3 | ©2014Palo Alto Networks. Confidential and Proprietary. What’s Hiding In Plain Sight? VNC

Hiding in Plain Sight: Finding Talent in the Blogosphere

CEACAM5: A CLUE TO CANCER CELLS HIDING IN PLAIN SIGHT

Hiding in Plain Sight - Committee for Economic …spending secret. We are pleased to present this issue brief, Hiding in Plain Sight: The Problem of Transparency in Political Finance,

Hiding Images in Plain Sight: Deep Steganography...Hiding Images in Plain Sight: Deep Steganography Shumeet Baluja Google Research Google, Inc. [email protected] Abstract Steganography

Hiding in plain sight Kate & Michael April 11, 2012

Hiding Images in Plain Sight: Deep Steganographypapers.nips.cc/...hiding-images-in-plain-sight-deep-steganography.pdf · Hiding Images in Plain Sight: Deep Steganography Shumeet Baluja

Acid/Base Properties of Salts Hiding in plain sight

Hiding in Plain Sight: Adversarial Neural Net Facial

A System for Hiding Steganography in Plain Sight · A System for Hiding Steganography in Plain Sight Andreas Toftegaard Kongens Lyngby 2016. ... the project implements a plugin for

Hiding in Plain Sight: A Case Study of a Cinema History

Hiding in plain sight the growth of cybercrime in social media

Hiding in Plain Sight: Unleashing the Power of Blocks And Procs

Traditional knowledge hiding in plain sight – twenty-first

HIDING IN PLAIN SIGHT: THE UNTAPPED POTENTIAL OF …global.rbcgam.com/.../documents/pdf/whitepapers/hiding-in-plain-sig… · Hiding in Plain Sight: The Untapped Potential of Emerging

Hiding in plain sight? Disguised compliance by terrorist

Hiding in plain sight = Putin's War in Ukraine

Gottschalk Hiding in Plain Sight