data science
play

DATA SCIENCE THE DFIR OUT OF THIS! John Lukach blog.4n6ir.com - PowerPoint PPT Presentation

Jan 20, 2024 •304 likes •769 views

IM GONNA HAVE TO DATA SCIENCE THE DFIR OUT OF THIS! John Lukach blog.4n6ir.com @jblukach AGENDA DATA SOURCE CLEAN DATA ADD CONTEXT VISUALIZATION SYSMON System Monitor is a Windows system service and device driver that,

  1. I’M GONNA HAVE TO DATA SCIENCE THE DFIR OUT OF THIS! John Lukach blog.4n6ir.com @jblukach

  2. AGENDA • DATA SOURCE • CLEAN DATA • ADD CONTEXT • VISUALIZATION

  3. SYSMON System Monitor is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. https://technet.microsoft.com/en-us/sysinternals/sysmon

  4. SYSMON System Monitor does not provide collection or analysis of the events it generates, nor does it attempt to protect or hide itself from attackers. Sysmon64.exe -accepteula -i -h md5 -n -l -r

  5. SYSMON-DFIR Michael Hagg has compiled a great list of Sysmon resources! https://github.com/MHaggis/sysmon-dfir

  6. EVENT IDS

  7. PROCESS CREATION

  8. NETWORK CONNECTION

  9. NO BLIND SPOTS A Transparent Proxy has the ability to intercept connections between clients and servers without being visible using Web Cache Communication Protocol (WCCPv2).

  10. PYTHON-EVTX Willi Ballenthin released a pure Python parser for Windows Event Log files providing programmatic access to the File and Chunk headers, record templates and event entries. pip3 install python-evtx https://github.com/williballenthin/python-evtx

  11. LOG VOLUME

  12. SEARCHABLE

  13. EXPLORE

  14. PROCESS EXPLORER

  15. PROCESS-FOREST Willi Ballenthin released a Python script that builds historical process hierarchies from process auditing and Symon event logs. https://github.com/williballenthin/process-forest

  16. PYRAMID OF PAIN http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  17. SYSMON-FOREST.PY https://github.com/jblukach/sysmon-forest

  18. HELP

  19. CLEAN DATA --sqlite is the path to the SQLite database location --evtx is the path to the Sysmon Event Log location --insert is the flag to add events to the database

  20. STATISTICS --stats on the number of processes, connections and etc.

  21. ADD CONTEXT --dns is the path to a text file with a list of domains --hash is the path to a text file with a list of hashes --ip is the path to a text file with a list of ip addresses --meta is the path to a text file with a list of meta data

  22. THIRD PARTY --maxmind is the path to the GeoLite2 City database pip3 install geoip2 http://dev.maxmind.com/geoip/geoip2/geolite2/ --rfc1918 flags private non-routable IP addresses pip3 install IPy

  23. VISUALIZATION --tree builds historical structure of processes, connections & etc.

  24. COLORS --bad --blah --evil --good --known --mark --unknown

  25. DETAILS --detail display specifics on a process by unique identifier

  26. DEMO

  27. CLEAN DATA python3 sysmon-forest.py --sqlite Cerber.SQLite --evtx Cerber.evtx --insert

  28. CLEAN DATA

  29. STATISTICS python3 sysmon-forest.py --sqlite Cerber.SQLite --stats

  30. STATISTICS

  31. STATISTICS

  32. STATISTICS

  33. RFC1918 python3 sysmon-forest.py --sqlite Cerber.SQLite --rfc1918 --blah

  34. RFC1918

  35. CONTEXT

  36. CONTEXT python3 sysmon-forest.py --sqlite Cerber.SQLite --meta input.txt --bad

  37. CONTEXT

  38. VISUALIZATION python3 sysmon-forest.py --sqlite Cerber.SQLite --tree

  39. VISUALIZATION

  40. DETAIL python3 sysmon-forest.py --sqlite Cerber.SQLite --detail {596b7bab-706f- 586a-0000-00108cba1c00}

  41. DETAIL

  42. BONUS

  43. CERBER

  44. CERBER

  45. CERBER

Recommend

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER SCIENCE? DATA SCIE DA SCIENCE: ST STATIS ISTICS TICS OR OR CO COMPU MPUTER ER SCIEN SCIENCE? IMPLICATIONS FOR STATISTICS EDUCATION IMPLIC ICATION

609 views • 24 slides
DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview Date,Block,Primary Type,Description, Location Description,Arrest,Domestic, District 05/23/2016 05:35:00 PM,024XX W DIVISION ST,ASSAULT,SIMPLE,

432 views • 13 slides
EMIS/DS 1300: A Practical Introduction to Data Science Slides by Michael Hahsler Data + Science

EMIS/DS 1300: A Practical Introduction to Data Science Slides by Michael Hahsler Data + Science

EMIS/DS 1300: A Practical Introduction to Data Science Slides by Michael Hahsler Data + Science = Results? Data Science ? Data Sources Results What is Data Science? Data science is a concept to unify statistics, data analysis, machine

637 views • 30 slides
DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data types Data type

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data types Data type

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data types Data type system sets the stage for the capabilities of the language Understanding data types empowers you as a data scientist DataCamp Data Types for Data

528 views • 23 slides
Causal Data Science Roman Kern Knowledge Discovery and Data Mining 2 (Version 1.0.4) Roman Kern,

Causal Data Science Roman Kern Knowledge Discovery and Data Mining 2 (Version 1.0.4) Roman Kern,

www.tugraz.at > Motivation : With purely observational data we are not able Causal Data Science to answer many questions that one would expect data science to deliver. Taking into the causal perspective , one may (with SCIENCE assumptions, or

465 views • 24 slides
Data science for business Sebastian Sauer

Data science for business Sebastian Sauer

10.5.2019 Data science for business Data science for business Sebastian Sauer file:///Users/sebastiansaueruser/Documents/Publikationen/blog_ses/data_se/public/slides/data-science-business/intro-data-science-talk-2019-05-14.html#31 1/27

302 views • 27 slides
Data science methods for online teaching Matthew Brett What is data science not? The

Data science methods for online teaching Matthew Brett What is data science not? The

Data science methods for online teaching Matthew Brett What is data science not? The now-contemplated field of Data Science amounts to a superset of the fields of statistics and machine learning which adds some technol- ogy for scaling

216 views • 3 slides
The Care and Feeding of Data Scientists: Concrete Tips for Retaining Your Data Science Team

The Care and Feeding of Data Scientists: Concrete Tips for Retaining Your Data Science Team

The Care and Feeding of Data Scientists: Concrete Tips for Retaining Your Data Science Team Michelangelo DAgostino Senior Director, Data Science @MichelangeloDA September 13, 2018 Data Science Retention is a Real Problem Data Science

756 views • 54 slides
ww www. w.big bigbang bang-datasc atascience.com ience.com Agenda BBDS Team Data Science

ww www. w.big bigbang bang-datasc atascience.com ience.com Agenda BBDS Team Data Science

ww www. w.big bigbang bang-datasc atascience.com ience.com Agenda BBDS Team Data Science Portfolio Data Science Process Data Explosion Why Data Science? Career in Data Science What is Data Science? Machine Learning Type of Analytics

1.26k views • 90 slides
GPU POWERED SOLUTIONS IN THE SECOND KAGGLE DATA SCIENCE BOWL SECOND ANNUAL DATA SCIENCE BOWL

GPU POWERED SOLUTIONS IN THE SECOND KAGGLE DATA SCIENCE BOWL SECOND ANNUAL DATA SCIENCE BOWL

April 4-7, 2016 | Silicon Valley GPU POWERED SOLUTIONS IN THE SECOND KAGGLE DATA SCIENCE BOWL SECOND ANNUAL DATA SCIENCE BOWL Massive online data science contest Mon 14 Dec 2015 Mon 14 Mar 2016 192 teams, 293 data scientists finished

805 views • 53 slides
Presentation of Data in Science Presentation of Data in Science Filesize: 5.8 MB Reviews

Presentation of Data in Science Presentation of Data in Science Filesize: 5.8 MB Reviews

5YZGXTDJWIUB Kindle / Presentation of Data in Science Presentation of Data in Science Presentation of Data in Science Filesize: 5.8 MB Reviews Reviews An exceptional book as well as the font applied was fascinating to learn. It is loaded

330 views • 4 slides
NIH Data Science Allen Dearry, PhD Office of Data Science, NIH OD Office of Scientific

NIH Data Science Allen Dearry, PhD Office of Data Science, NIH OD Office of Scientific

NIH Data Science Allen Dearry, PhD Office of Data Science, NIH OD Office of Scientific Information Management, NIEHS NSF BDPI Meeting u Arlington, VA u April 21, 2016 What Are the Big Problems to Solve? 1. Locating the data 2. Getting access

340 views • 5 slides
Extreme Data-Intensive Scientific Computing Alex Szalay JHU Big Data in Science Data

Extreme Data-Intensive Scientific Computing Alex Szalay JHU Big Data in Science Data

Extreme Data-Intensive Scientific Computing Alex Szalay JHU Big Data in Science Data growing exponentially, in all science All science is becoming data-driven This is happening very rapidly Data becoming increasingly

347 views • 23 slides
logoslides Master degree in Data Science Why a new Master in Data Science? High volumes of data

logoslides Master degree in Data Science Why a new Master in Data Science? High volumes of data

logoslides Master degree in Data Science Why a new Master in Data Science? High volumes of data emerging in many different context led to the development of new methodologies to: Explore and organize the structure of available data. Identify

367 views • 15 slides
Data stories with The Pudding So what is data storytelling? Data academia & data science

Data stories with The Pudding So what is data storytelling? Data academia & data science

Data stories with The Pudding So what is data storytelling? Data academia & data science dense complex static/non-interactive often not accompanied by an easy-to-follow narrative Data art beautiful abstract

647 views • 5 slides
Presentation of Data in Science Presentation of Data in Science Filesize: 7.64 MB Reviews

Presentation of Data in Science Presentation of Data in Science Filesize: 7.64 MB Reviews

P2TNGHDPWLPR # Doc // Presentation of Data in Science Presentation of Data in Science Presentation of Data in Science Filesize: 7.64 MB Reviews Reviews It is simple in read easier to understand. I am quite late in start reading this one, but

368 views • 4 slides
Introduction to Data Science January 11, 2016 About this course DATA 5000: Introduction to Data

Introduction to Data Science January 11, 2016 About this course DATA 5000: Introduction to Data

Introduction to Data Science January 11, 2016 About this course DATA 5000: Introduction to Data Science Some highlights: Topics for data scientists R IBM Cognos Workspace, IBM SPSS Modeler, Watson Analytics VCL cloud Course

369 views • 25 slides
Deconstructing Data Science David Bamman, UC Berkeley Info 290 Lecture 7: Data and

Deconstructing Data Science David Bamman, UC Berkeley Info 290 Lecture 7: Data and

Deconstructing Data Science David Bamman, UC Berkeley Info 290 Lecture 7: Data and representation Feb 7, 2016 Data Science knowledge raw data algorithm Data data category example web logs, cell phone activity,

835 views • 56 slides
Data Science in the Wild Lecture 12: Memory-Based Data Warehouses Eran Toch Data Science in the

Data Science in the Wild Lecture 12: Memory-Based Data Warehouses Eran Toch Data Science in the

Data Science in the Wild Lecture 12: Memory-Based Data Warehouses Eran Toch Data Science in the Wild, Spring 2019 1 Data Engineering Extract Transform Load & Clean Sources Data Warehouse Data Science in the Wild, Spring 2019 2

1.12k views • 54 slides
DataCamp Data Types for Data Science DataCamp Data Types for Data Science Creating and looping

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Creating and looping

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Creating and looping through dictionaries Hold data in key/value pairs Nestable (use a dictionary as the value of a key within a dictionary) Iterable Created by dict()

827 views • 19 slides
Big Data for housing providers Jim Vine 3Vs of Big Data Data science Source:

Big Data for housing providers Jim Vine 3Vs of Big Data Data science Source:

Big Data for housing providers Jim Vine 3Vs of Big Data Data science Source: http://drewconway.com/zia/2013/3/26/the-data-science-venn-diagram Data mining Source: http://en.wikipedia.org/wiki/Cross_Industry_Standard_Process_for_Data_Mining

399 views • 27 slides
Data & Science A m mandate f for d data d driven c corporate i innovation By Igor

Data & Science A m mandate f for d data d driven c corporate i innovation By Igor

Data & Science A m mandate f for d data d driven c corporate i innovation By Igor Stojkovi Enterprise Analytics & Data Phillip Morris International Contents Mathematics for data science in commercial environment To prove

312 views • 15 slides
Building a Data Science Capability from Scratch Victor Hu Head of Data Science QCon - March2017

Building a Data Science Capability from Scratch Victor Hu Head of Data Science QCon - March2017

Building a Data Science Capability from Scratch Victor Hu Head of Data Science QCon - March2017 Contents Background QBE Context The five challenges: 1. Buy-in -- creating a corporate ambition for data science 2. Team

363 views • 24 slides
WELCOME DATA SCIENCE STRATEGY Are we ready for it? Asure / DOMO 3 DATA SCIENCE STRATEGY

WELCOME DATA SCIENCE STRATEGY Are we ready for it? Asure / DOMO 3 DATA SCIENCE STRATEGY

WELCOME DATA SCIENCE STRATEGY Are we ready for it? Asure / DOMO 3 DATA SCIENCE STRATEGY ASURES EXPERIENCE Bruce Harris Ulises Gonzalez-Guerra Director IT and Enterprise Business Applications, Pricing Specialist / AWS Cost

477 views • 34 slides

More recommend