among the blind the squinter rules
play

Among the blind, the squinter rules. Security visualization in the - PowerPoint PPT Presentation

Nov 11, 2023 •235 likes •768 views

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes .Ernst and Young Belgium (ITRA FSO) .Incident Response/Analysis .Security Monitoring (SIEM) .Security Management .Eurotrash podcast .InfosecMentors

  1. Among the blind, the squinter rules. Security visualization in the field

  2. About me Wim Remes .Ernst and Young Belgium (ITRA FSO) .Incident Response/Analysis .Security Monitoring (SIEM) .Security Management .Eurotrash podcast .InfosecMentors @wimremes on twitter wremes-at-gmail-dot-com

  3. Disclaimer The opinions and ideas expressed in this talk are my own and are not endorsed by any corporate entity or church.

  4. Agenda 1. tools can [save|kill] your day 2. visualization hall of fail 3. please your audience 4. tips & tricks 5. Let’s get to work

  5. -1- Tools can [save|kill] your day

  6. What tools can I use ? cool kids use this (not!)

  7. What tools can I use ? - Desktop - Server

  8. Security tools will help ... PS : export to CSV works well ... try it for a 5000+ host network ;)

  9. credit where credit is due ...

  10. this is going in the right direction...

  11. Open source it is then ... grep sed awk perl ... http://www.secviz.org kudos to @zrlram

  12. -2- visualization hall of fail

  13. PIE It ’ s what ’ s in your face

  14. whoa, I take the biggest piece !

  15. Even the best can fail...

  16. sometimes however, they rock ...

  17. to explain simple stuff ;-)

  18. “if bullet points are the obvious killers, pie charts are shurikens”

  19. 3D ?

  20. failing in style ...

  21. playing hide and seek ?

  22. we have to raise the bar or maybe not ...

  23. -3- please your audience

  24. Changing the tune keeps people engaged picture by tochis :http://www.flickr.com/photos/tochis/

  25. Many eyes see different things picture by tochis :http://www.flickr.com/photos/tochis/

  26. you’re the designer

  27. who’s that for ? Management Technical Historical (Near) Real Time Comparative More complex Supporting Decisions Facilitating the job & Business Objectives Actionable! Clear & Concise Actionable ! 42

  28. -4- tips & tricks

  29. Zen master of data visualization Edward Tufte data can be beautiful! data should be beautiful!

  30. Dashboard design guru Stephen Few “The sad thing about dancing bearware is that most people are quite satisfied with the lumbering beast.” Alan Cooper, 1999, the inmates are running the asylum.

  31. sparklines (aka datawords)

  32. Infographs 5 6 7 8 9 10 11 12 13 courtesy of ZoneAlarm (by Checkpoint)

  33. choose your chart wisely http://www.flickr.com/photos/amit-agarwal/3196386402/

  34. Get data from external sources - osvdb.org - datalossdb.org - various industry reports - Verizon DBIR - EY GISS - Trustwave, McAfee, Symantec, ... - virustotal.com - cvedetails.com context creates clarity

  35. 让我们作的更好 (let’s make things better) Vulnerabilities by Severity Level 5 3D? 4 3 2 1 0 25 50 75 100 compared to ? last year? last month?

  36. Messy Dashboards (1/5)

  37. Messy Dashboards (2/5) network status

  38. Messy Dashboards (3/5) Events/Second 1500 1125 750 375 0 12:00 12:10 12:20 12:30 12:40 12:50 13:00

  39. Messy Dashboards (4/5) Top attackers 10.10.10.10 192.168.10.234 172.30.12.15 8.8.8.8 Top targets 172.16.12.30 172.16.12.15 172.16.12.230 172.16.12.120

  40. Messy Dashboards (5/5) Local Network - Inbound bytes 4000 3000 2000 1000 0 9:00 10:00 11:00 12:00 13:00

  41. server health network status Windows Unix Network Events/Second Major Events 1500 worms 1125 portscans 750 failed logins 375 FTP 0 12:00 12:10 12:20 12:30 12:40 12:50 13:00 0 15 30 45 60 Top attackers Top targets 10.10.10.10 172.16.12.30 192.168.10.234 172.16.12.15 172.30.12.15 172.16.12.230 8.8.8.8 172.16.12.120 Local Network - Inbound bytes 4000 3000 2000 1000 0 9:00 10:00 11:00 12:00 13:00

  42. 3,1415926535897932384626433832

  43. Blink...Understand DE NL BE CN US US US Great Lakes KEYWEB TimeNet VolumeDrive EuroAccess RoadRunner ISPSYSTEM-AS Comnet AS

  44. Ok, we can still say it with pie NL CN BE DE US

  45. -4- let’s get to work

  46. Davix | gltail ruby | real time | logs http://www.fudgie.org/ http://dataviz.com.au/blog/Visualizing_VOIP_attacks.html

  47. Davix | afterglow credit: David Bernal Michelena http://www.honeynet.org/challenges/2010_5_log_mysteries

  48. (extra) perl | chart director http://www.secviz.org/content/top-ssh-brute-force-attackers

  49. Google Charts API http://code.google.com/apis/chart/ http://search.cpan.org/dist/URI-GoogleChart/

  50. jquery libraries http://jquery.com/ http://omnipotent.net/jquery.sparkline/ http://www.jqplot.com/

  51. Conclusions - We need data standardization badly - Understand your data - We need to think outside the box - There’s more to visualization than pie charts - There’s tools out there: use them wisely

  52. Thank you wremes@gmail.com - @wimremes

Recommend

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind men called to Jesus using the Messianic title Son of David . Matthew implied that these blind men saw more than the Pharisees and other national leaders

639 views • 27 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

THE IMPACT OF THE COVID-19 PANDEMIC ON CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior Research Officer Canadian Council of the Blind COVID-19 Impact Survey Objective To determine the impact that

822 views • 36 slides
Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually Impaired Any loss of ability to gather information by seeing might be considered a visual impairment Total Blindness - vision Legally blind - is the

1.19k views • 42 slides
Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind 54 M Blind 39 M Global data souce: WHO, IBU See the world through the eyes of a visually impaired person Normal vision Cataract Glaucoma

562 views • 28 slides
Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15,

Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15,

Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15, 2001 Outline Introduction to blind beamforming array Different usages of blind beamforming arrays Applications 1. Acoustic source

301 views • 19 slides
Nanocrafter Xylem vs. r pl r lv r pl r lv r pl r lv + d - d - d + d BLIND BLIND RATINGS

Nanocrafter Xylem vs. r pl r lv r pl r lv r pl r lv + d - d - d + d BLIND BLIND RATINGS

Nanocrafter Xylem vs. r pl r lv r pl r lv r pl r lv + d - d - d + d BLIND BLIND RATINGS BLIND RATINGS CHOICE Compute desired win rate using players rating BLIND RATINGS Compute desired win rate using players rating Compute

670 views • 51 slides
On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore,

On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore,

On The Security of Unique- Witness Blind Signature Schemes December 2013 ASIACRYPT, Bangalore, India Foteini Baldimtsi, Anna Lysyanskaya 2 Blind Signatures [Chaum'82] Blind signatures are a special type of digital signatures. Signer is

439 views • 33 slides
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4,

Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4,

Blind Signatures Ecash Fair Exchange Blind Coinswaps Tokens Conclusion Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4, 2018 Blind Signatures in Scriptless Scripts Jonas Nick

374 views • 22 slides
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17,

Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17,

Blind Signatures Ecash Fair Exchange Blind Coinswaps Tokens Conclusion Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17, 2019 Blind Signatures in Scriptless Scripts Jonas Nick

607 views • 24 slides
Strengthened Security for Blind Signatures David Pointcheval Laboratoire dInformatique

Strengthened Security for Blind Signatures David Pointcheval Laboratoire dInformatique

Strengthened Security for Blind Signatures David Pointcheval Laboratoire dInformatique Ecole Normale Suprieure David.Pointcheval@ens.fr http://www.dmi.ens.fr/pointche Strengthened Security for Blind Signatures Summary Blind

370 views • 9 slides
Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection rules. Selection rules originate from the quantum mechanical description of electromagnetic radiation interaction with matter. Use time-dependent

424 views • 13 slides
Blind Brooks Vision Promote the continuous intellectual, social and emotional growth of all

Blind Brooks Vision Promote the continuous intellectual, social and emotional growth of all

S TUDENT A SSESSMENT B LIND B ROOK -R YE UFSD November 9, 2016 Blind Brooks Vision Promote the continuous intellectual, social and emotional growth of all students in the Blind Brook school system. 2 The Learning Cycle Curriculum

483 views • 29 slides
The Case for Accessible Digital Images Jen Hale, Archivist, Perkins School for the Blind 2 2

The Case for Accessible Digital Images Jen Hale, Archivist, Perkins School for the Blind 2 2

1 The Case for Accessible Digital Images Jen Hale, Archivist, Perkins School for the Blind 2 2 Workshop for Adults Who Are Blind, South Boston A man sits caning a chair suspended in front of him by a pedestal with a clamp. He wears two

346 views • 5 slides
Blind Spots Restricting Views of Sikhi Landscapes In the aftermath of the tragic Wisconsin

Blind Spots Restricting Views of Sikhi Landscapes In the aftermath of the tragic Wisconsin

Blind Spots Restricting Views of Sikhi Landscapes In the aftermath of the tragic Wisconsin shooting, many questions were raised from the 'outsiders' in terms of the Sikh religion, its basic tenets, beliefs, etc. Rather than looking at the blind

349 views • 6 slides
Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck

Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck

Blind galaxy survey images Deconvolution with Shape Constraint Jean-Luc Starck http://jstarck.cosmostat.org Collaborators: Morgan Schmitz Fred Nole Fadi Nammour Weak Gravitational Lensing & Blind Deconvolution - Part I: Introduction to

723 views • 58 slides
Old and New Algorithms for Blind Deconvolution Yair Weiss Hebrew University of Jerusalem joint

Old and New Algorithms for Blind Deconvolution Yair Weiss Hebrew University of Jerusalem joint

Old and New Algorithms for Blind Deconvolution Yair Weiss Hebrew University of Jerusalem joint work with Anat Levin, WIS (thanks to Meir Feder, EE, TAU) Blind Deblurring y = x * k Much Recent Progress (Fergus et al. 06, Cho et al. 07,

409 views • 22 slides
Association Rules Data Mining and Exploration: Association Rules Itemsets, association rules

Association Rules Data Mining and Exploration: Association Rules Itemsets, association rules

Association Rules Data Mining and Exploration: Association Rules Itemsets, association rules Amos Storkey, School of Informatics Frequency, accuracy APRIORI algorithm Comments on Association Rules February 7, 2006 Reading: HMS

480 views • 4 slides
Semi-blind deconvolution in 4Pi-microscopy Robert St uck Institute for numerical and applied

Semi-blind deconvolution in 4Pi-microscopy Robert St uck Institute for numerical and applied

Semi-blind deconvolution in 4Pi-microscopy Semi-blind deconvolution in 4Pi-microscopy Robert St uck Institute for numerical and applied mathematics University of G ottingen 24.07.2009 Semi-blind deconvolution in 4Pi-microscopy outline

745 views • 27 slides
The Convex Geometry of Blind Deconvolution Dominik Stger Technische Universitt Mnchen

The Convex Geometry of Blind Deconvolution Dominik Stger Technische Universitt Mnchen

The Convex Geometry of Blind Deconvolution Dominik Stger Technische Universitt Mnchen Department of Mathematics July 12, 2019 Joint work Felix Krahmer (TUM), Funded by the DFG in the context of SPP 1798 CoSIP Blind deconvolution in

552 views • 27 slides
Subspace-based Blind Identification of IIR Systems Outline Motivation Contributions omez 1 Juan

Subspace-based Blind Identification of IIR Systems Outline Motivation Contributions omez 1 Juan

MLSP 2006 Subspace-based Blind Identification of IIR Systems Outline Motivation Contributions omez 1 Juan Carlos G Problem Formulation < jcgomez@fceia.unr.edu.ar > Blind ID Enrique Baeyens 2 Simulation Results <

705 views • 28 slides
MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND HACKING VISUAL CULTURE W/ THE GLAD SCIENTIST Daniel Eric Carlos Hector Alberto Sabio CLOSE YOUR EYES AND LISTEN IMAGINE as minutes as hours as

916 views • 54 slides
Joint Blind Deconvolution and Blind Demixing via Nonconvex Optimization Shuyang Ling Department

Joint Blind Deconvolution and Blind Demixing via Nonconvex Optimization Shuyang Ling Department

Joint Blind Deconvolution and Blind Demixing via Nonconvex Optimization Shuyang Ling Department of Mathematics, UC Davis July 19, 2017 Shuyang Ling (UC Davis) FOCM, Barcelona, 2017 July 19, 2017 1 / 28 Acknowledgements Research in

564 views • 33 slides
Exams Rules and Responsibilities Ten rules and tips for making sure you get the result you

Exams Rules and Responsibilities Ten rules and tips for making sure you get the result you

Exams Rules and Responsibilities Ten rules and tips for making sure you get the result you deserve During an exam you will be subject to the rules of your school or college, and also to the rules of the Joint Council for Qualifications (JCQ).

787 views • 14 slides

More recommend