clearing the brush lessons learned in gutting a cirt and
play

Clearing the Brush: Lessons Learned in Gutting a CIRT and Rebuilding - PowerPoint PPT Presentation

Jan 22, 2023 •30 likes •410 views

Clearing the Brush: Lessons Learned in Gutting a CIRT and Rebuilding with Free Tools Mike La Pilla Slide Warning These are draft slides, not the ones presented Most images have been removed from draft If you are reading these you

  1. Clearing the Brush: Lessons Learned in Gutting a CIRT and Rebuilding with Free Tools Mike La Pilla

  2. Slide Warning • These are draft slides, not the ones presented • Most images have been removed from draft • If you are reading these you should check the FIRST portal for the latest ones

  3. About This Presentation • Everyone Has Their Own Take • Plenty of Papers on This Subject • Focus on Building 10 Essential Tools/Systems – Preferably without spending money

  4. If You Want Organization and Structure • http://first.org/resources/guides/ – CSIRT Setting up Guide – CERT-in-a-box • http://www.sans.org/reading_room/whitepap ers/incident/ • Also stuff on Auscert, CERT/CC, GFIRST, etc

  5. Past vs Present

  6. Past vs Present

  7. Preparation by Preservation • Picture of frozen hard drive

  8. Preparation by Obliteration • Picture of Bar

  9. Know Your Scope • Areas of Response • Actions Allowed • Contact List

  10. Know Your People

  11. Beware of Certifications

  12. Attack Categories

  13. 10 Systems You Need To Build

  14. 1: Automatic Malware Analysis System • Purpose: Automatically process malware samples • Recommended Features: Fast, Exe and DLL, Memory Dumps

  15. 1: Automatic Malware Analysis System

  16. 1: Automatic Malware Analysis System

  17. 2: Automatic JS Analyzer • Purpose: Unpack/Analyze/Interpret Javascript • Recommended Capabilities: Network replay, live site analysis, copy and paste

  18. 2: Automatic JS Analyzer

  19. 3: Automatic Document Analyzer • Purpose: Analyze non-executable documents • Recommended Capabilities: Exploit matching, decompression, javascript/flash parsing

  20. 3: Automatic Document Analyzer

  21. 4: Document Database • Purpose: Archive documents • Recommended Capabilities: Store name, file properties, metadata, link malware info

  22. 4: Document Database

  23. 5: Malware Repository • Purpose: Store malware • Recommended Capabilities: Search, store properties, link to other systems

  24. 5: Malware Repository

  25. 6: IP and Hostname Tracker • Purpose: Track network information over time • Recommended Capabilities: Passive DNS, active checking, search, ASN, GeoIP

  26. 6: IP and Hostname Tracker

  27. 7: Forensics System/Lab • Purpose: Forensic analzye drives, memory • Recommended Capabilities: Scanning, automation, hashing

  28. 7: Forensics System/Lab

  29. 8: Image Repository • Purpose: Replicate machines in production environment

  30. 8: Image Repository

  31. 9: Tiny Tools Server • Purpose: Collection of scripts and tools that increase efficiency

  32. 9: Tiny Tools Server

  33. 10: Documentation Portal • Purpose: Self-explanatory Recommended Capabilities: Revisions, author tracking

  34. 10: Documentation Portal

  35. Final Workflow Diagram

  36. Questions? • mlapilla@netcentrics.com

  37. References

Recommend

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
CIRT C ritical I ncident R esponse T eam What is CIRT? CIRT is the Critical Incident Response Team

CIRT C ritical I ncident R esponse T eam What is CIRT? CIRT is the Critical Incident Response Team

CIRT C ritical I ncident R esponse T eam What is CIRT? CIRT is the Critical Incident Response Team and is comprised of a multidisciplinary group of employees who have volunteered to respond when critical incident stress management (CISM)

466 views • 22 slides
Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background SEP 2002 Davis-Besse Lessons Learned Task Force AUG 2004 - Effectiveness Review Lessons Learned Task Force JAN 2005 - EDO Charters

269 views • 22 slides
OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned Jobsite Safety and Health Inspections/Audits better known as; PAPER WORK You hate it, Your safety director requires it, OSHA loves it, Does it

926 views • 35 slides
3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the Spanish Registry: Lessons Learned from the Registries o Is It possible (and worthy) to do a national registry? Lessons learned from the o

1.16k views • 43 slides
DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD ABOUT ME ABOUT ME maya@NetBSD.org coypu@sdf.org NetBSD/pkgsrc for the last 3 years THIS TALK THIS TALK Mix of a bunch of bugs Not solo work

695 views • 31 slides
TWO-GANTRY, FIVE-BRUSH MACHINES Objective NET.5 is a 2-gantry, 5-brush machine remarkable

TWO-GANTRY, FIVE-BRUSH MACHINES Objective NET.5 is a 2-gantry, 5-brush machine remarkable

TWO-GANTRY, FIVE-BRUSH MACHINES Objective NET.5 is a 2-gantry, 5-brush machine remarkable because of its high technological content; it was conceived and constructed to develop a brush washing concept unique in its class. New look The

343 views • 18 slides
1.- How does clearing work? 1 CCP clearing Actors involved Actions Client An

1.- How does clearing work? 1 CCP clearing Actors involved Actions Client An

1.- How does clearing work? 1 CCP clearing Actors involved Actions Client An undertaking with a Provides Initial Margin (IM) to the contractual relationship with a clearing Client1 Client2 ClientN Clearing Member (CM)

687 views • 19 slides
Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda Introduction What are Lessons Learned? Value to the Project Process and Organization Keanes Approach to Lessons Learned Keys to

261 views • 24 slides
UNIVERSITY CLEARING 2020 What is clearing? Clearing is how Universities and colleges fill

UNIVERSITY CLEARING 2020 What is clearing? Clearing is how Universities and colleges fill

UNIVERSITY CLEARING 2020 What is clearing? Clearing is how Universities and colleges fill any places they still have on their courses. On average there are 35,000 courses available through clearing. Clearing opened on the 6 th July

363 views • 8 slides
Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted

Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted

Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted Pincock, Carolyn Bouchard Joanne Archer Outline: 1) Common Themes 2) The Event and lessons learned: Spanish Influenza 1918 SARS

417 views • 38 slides
Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss

Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss

Beijing International Finance Forum Chairman Junichi Ujiie 2004/05/19 Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss the lessons to be learned from Japans NPL problems: first, the disposal

344 views • 3 slides
Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill

Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill

Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill Cornell Medical College, New York Presbyterian Hospital Past participation in Team Science Period Period Type of grant Type of grant Role in Grant

380 views • 20 slides
VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and

VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and

VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and Universities Todays session Overview of the MSC Scoring and reporting Lessons learned as related to validity Unintended consequences?

661 views • 40 slides
MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES

MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES

MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES SAKO G. . Oumar CONTENTS I. Context II. Assessment and lessons learned from implemention of MDGs III. Domestication/contextaulisation of SDGs

151 views • 12 slides
FACILITATED BY: Robin Booth, CPA 2 Training Topics Lessons Learned Best Practices

FACILITATED BY: Robin Booth, CPA 2 Training Topics Lessons Learned Best Practices

Office of Housing Counseling Best 9/20/2016 Practices/Lessons Learned - LHCAs U.S. Department of Housing and Urban Development Office of Housing Counseling Best Practices/Lessons Learned LHCAs September 20, 2016 12:00 PM Eastern Standard

569 views • 9 slides
Lessons learned - viewpoints on increasing analytical capabilities Elizabeth Riczko, FCAS,

Lessons learned - viewpoints on increasing analytical capabilities Elizabeth Riczko, FCAS,

Lessons Learned 3/22/2011 Lessons learned - viewpoints on increasing analytical capabilities Elizabeth Riczko, FCAS, MAAA, CPCU 1 What are we doing? 2 It starts with a goal NOT a method A business question Ask why (and repeat)

338 views • 10 slides
MTN-001 Menu Lessons Learned Patrick Karugaba MU-JHU Core Lab, Kampala Uganda Objectives

MTN-001 Menu Lessons Learned Patrick Karugaba MU-JHU Core Lab, Kampala Uganda Objectives

MTN-001 Menu Lessons Learned Patrick Karugaba MU-JHU Core Lab, Kampala Uganda Objectives Introduction Identifying strength & resources at our disposal. Enumeration of challenges/tasks Lessons learned Conclusion

614 views • 13 slides
Lessons Learned (the Hard Way) in an Organization from Predictive Modeling Projects Predictive

Lessons Learned (the Hard Way) in an Organization from Predictive Modeling Projects Predictive

Lessons Learned: Viewpoints on Increasing Analytical Capabilities Lessons Learned (the Hard Way) in an Organization from Predictive Modeling Projects Predictive Modeling Projects from a Company Perspective Greg Hansen, FCAS, MAAA Actuarial

349 views • 18 slides
SPP Integrated Marketplace Day 2 Market Lessons Learned & Project Approach Bill Clarke

SPP Integrated Marketplace Day 2 Market Lessons Learned & Project Approach Bill Clarke

SPP Integrated Marketplace Day 2 Market Lessons Learned & Project Approach Bill Clarke Tyler Wolford Jon Sunneberg June 22, 2011 Agenda Introduction Day 2 Market Lessons Learned Operations Trading Tools &

1.4k views • 65 slides
Defining the road ahead Lessons learned from the National Action Plans on ASGM PROGRAMME

Defining the road ahead Lessons learned from the National Action Plans on ASGM PROGRAMME

Defining the road ahead Lessons learned from the National Action Plans on ASGM PROGRAMME Openingremarksand presentation of the global progress UNEP UNIDO Sharing national experience and lessons learned Uganda Ecuador WHO Artisanal Gold

387 views • 37 slides
has learned Col Rakesh Jetly OMM,CD,MD,FRCPC. Lots of Ground to Cover!! Why am I here?

has learned Col Rakesh Jetly OMM,CD,MD,FRCPC. Lots of Ground to Cover!! Why am I here?

Mental Health In the Workplace: What CAF has learned Col Rakesh Jetly OMM,CD,MD,FRCPC. Lots of Ground to Cover!! Why am I here? Lessons learned from Military medicine CAF in Kandahar MH Lessons Learned MH in The

1.18k views • 80 slides
Lessons Learned: 603 Pandora Fire - EOC activation & Business Continuity 05:18hrs on May 6 th

Lessons Learned: 603 Pandora Fire - EOC activation & Business Continuity 05:18hrs on May 6 th

Lessons Learned: 603 Pandora Fire - EOC activation & Business Continuity 05:18hrs on May 6 th , 2019 report of a structure fire at 603 Pandora Ave 603 Pandora Fire Lessons Learned RPAS Calle lled in in at 0600hrs 603 Pandora Fire Lessons

497 views • 16 slides
Lessons Learned from the 2019 USG Shutdown Fourth Annual AGA Charleston, SC PDT 2019 November

Lessons Learned from the 2019 USG Shutdown Fourth Annual AGA Charleston, SC PDT 2019 November

Lessons Learned from the 2019 USG Shutdown Fourth Annual AGA Charleston, SC PDT 2019 November 21, 2019 1 Todays Discussion Timing The Most Important Thing The #1 Key to Survival and Recovery The Biggest Lessons Learned

562 views • 16 slides

More recommend