davix visualization bootcamp 25c3
play

DAVIX Visualization Bootcamp 25C3 Visualize Your Network! Jan P. - PDF document

Jan 25, 2023 •223 likes •555 views

DAVIX Visualization Bootcamp 25C3 Visualize Your Network! Jan P. Monsch Marius Ciepluch About Your Hosts Jan P. Monsch Marius Ciepluch l l DAVIX Project Initiator & DAVIX User & l l Lead Engineer Workshop Assistant Senior

  1. DAVIX Visualization Bootcamp 25C3 Visualize Your Network! Jan P. Monsch Marius Ciepluch About Your Hosts Jan P. Monsch Marius Ciepluch l l DAVIX Project Initiator & DAVIX User & l l Lead Engineer Workshop Assistant Senior Security Analyst l Student in Security and Student in l l Forensic Computing Computer Science @ Dublin City University @ University Lübeck

  2. Workshop Preparation Get DAVIX l Visit http://82.197.185.121/davix/release/ l Download l davix-1.0.1-defcon16.iso.gz l davix-manual-1.0.1.pdf l 25c3-workshop.lzm l Recommended setup l VMware Player or VMware Fusion l Bridged or NAT networking l Configure host to access 25C3 network l See chapter 6.1.1 & 6.1.2 in manual for assistance l Agenda l Introduction DAVIX l Visualization l Walk-Through DAVIX l Hands-on Lab l Visualization Contest

  3. Introduction DAVIX Initial Situation l Security visualization is quite new l Currently two books available [1, 2]

  4. Initial Situation l Many free visualization tools But installation is often cumbersome l Compiler version and library issues l Code difficult to build or broken l Diverse runtime environments: l Java, Perl, Ruby, Python, Windows Applications l Huge hurdle for people to get start with security visualization Mission Statement l DAVIX shall provide the audience with a workable and l integrated tools set, enable them to immediately start with security l visualization and motivate them to contribute to the security l visualization community.

  5. Inside the DAVIX Live CD Live Linux CD system based on SLAX 6 [3] l Software packages are modularized l Easy customizable l Runs from CD/DVD, USB stick or hard drive l Collection of free tools for processing & visualization l Tools work out of the box l No compilation or installation of tools required l Comes with documentation [4] l Quick start description for the most important tools l Links to manuals and tutorials l DAVIX 1.0.1 Tools Processing Visualization Capture l l l Shell Tools Network Traffic Network Tools l l l awk, grep, sed EtherApe l l Argus l InetVis l Snort l tnv Visualization l l Wireshark l Preprocessing AfterGlow Generic l l Logging l LGL l AfterGlow l syslog-ng l Graphviz l Extraction l LGL Viewer l Fetching Data Chaosreader l l Mondrian l wget R Project l l Data Enrichment Treemap l ftp l l geoiplookup l scp l whois, gwhois l

  6. Highlights Upcoming 1.0.5 α Processing Visualization Capture l l l Integration Network Traffic Network Tools l l l Splunk FlowTag l l Bro IDS l NSM Console INAV l l NetGrok l Zenmap PCAP l l manipulation/ extraction Generic l ngrep l NAZAR l tcpxtract l Octave l tcpslice l tcpflow l Visualization

  7. Visualization l Raffael Marty “A picture is worth a thousand log records.” [2] l l Ben Shneiderman “The purpose of viz is insight, not pictures.” [5] l Information Seeking Mantra [6] Details Overview on Demand Zoom and Filter

  8. Information Viz Process [2] Interface Issue Each visualization tool l ? has its own file format PCAP interfaces ? Data must be converted l to match the import ? interfaces CSV TM3 These adapters are l mostly self-written Viz Tool 1 Viz Tool 2 Viz Tool 3 Viz Tool 4 snippets of code

  9. Walk-Through User Interface l Menu organized around Info Viz Process Capture Visualize Process l Tools often cover more than one category Afterglow � Process, Visualize l l Additional tools/services Apache, MySQL, NTP l

  10. PDF User Manual l Content Quick start guide l Network setup information l Tool usage examples l Links to online resource l Customizing DAVIX l User Manual in the Menu The manual is browsable by chapter … l … or individual tool chapters l

  11. Hands-on Lab Overview Lab built around l Info Viz Process Problem DAVIX Tools Overview l Definition Processing l Wireshark / tshark [7] l p0f [8] l awk [9], sed, uniq l Details Filter Snort [10] l on Demand Visualization l AfterGlow [11] l Visualize Graphviz [12] l Treemap [13] l

  12. Problem Definition l Type of Traffic? l Network Topology? Gateway? l Team Server? l Other Team Systems? l l Activities? Communication Pattern? l Attacks? l Type of Traffic

  13. Overview - Background CTF DEFCON 12 l PCAP File l 6 teams l 1 server per team l with vulnerable services Many team l member systems Symmetrical setup l for all teams. Overview - Wireshark l Basic statistics 54 MB PCAP file l Date 31.07.2004 l 41 min of traffic l 100’000 packets l

  14. Overview - Wireshark Packets Protocols Traffic Volume l l Mostly IP Mostly TCP l l Mostly TCP l Some UDP l Overview - Wireshark l TCP Mostly HTTP l Some DCE RPC � Windows l

  15. Overview - Wireshark l Traffic Shape Constant at begin l Massive increase l at the end. tcp.port==80 Network Topology

  16. Visualize: AfterGlow / Graphviz Possible Gateways Not a Gateway 001_network_topology_gateway.sh Zoom & Filter - tshark l CSV of source/destination IP to source/destination MAC addresses 0.0.0.0,00:00:86:5b:e9:6a l 0.0.0.0,00:04:5a:a2:d4:08 192.168.1.2,00:c0:95:e0:0e:af 192.168.3.2,00:c0:95:e0:0e:af 192.168.4.1,00:c0:95:e0:0e:af 192.168.4.152,00:09:6b:53:8a:81 192.168.4.153,00:c0:95:e0:0e:af ...

  17. 001_network_topology_gateway.sh Zoom & Filter - tshark Extract IP addresses and their MAC addresses l tshark -r davix_workshop_captures.pcap l -e ip.src -e eth.src -Tfields -E separator=, -R ip > ip_mac.csv tshark -r davix_workshop_captures.pcap l -e ip.dst -e eth.dst -Tfields -E separator=, -R ip >> ip_mac.csv cat ip_mac.csv | sort | uniq > l ip_mac_distinct.csv 001_network_topology_gateway.sh Visualize: AfterGlow / Graphviz l Visualize CSV file using AfterGlow cat ip_mac_distinct.csv | l afterglow.pl -t | neato -Tpng -o ip_mac_distinct.png l View resulting image gqview l

  18. 001_network_topology_gateway.sh Visualize: AfterGlow / Graphviz Possible Gateways Not a Gateway 002_network_topology_operating_system.sh Overview – p0f Other teams come through NAT l Results 192.168.4.1,FreeBSD 4.7-5.2 l (or MacOS X 10.2-10.4) 192.168.4.1,FreeBSD 4.8-5.1 (or MacOS X 10.2-10.3) 192.168.4.1,Linux 2.4-2.6 192.168.4.1,OpenBSD 3.0-3.9 192.168.4.1,Windows 2000 SP4, XP SP1+ 192.168.4.1,Windows XP SP1+, 2000 SP3 192.168.4.152,Linux 2.4-2.6 192.168.4.153,Linux 2.4-2.6 192.168.4.154,Linux 2.4-2.6 192.168.4.157,Linux 2.4-2.6 192.168.4.159,Linux 2.4-2.6 192.168.4.160,Linux 2.4-2.6 192.168.4.45,Linux 2.4-2.6

  19. 002_network_topology_operating_system.sh Overview – p0f l Identify Involved Operating Systems p0f -f /etc/p0f/p0f.fp -s l davix_workshop_captures.pcap -N | sed "s/ (up.*$//" | sed "s/:[0-9]* - /,/" | sort | uniq Visualize – Visio ;-) l Topology Opponents 192.168.1.2 192.168.3.2 192.168.5.2 192.168.6.2 192.168.7.2 192.168.4.1 192.168.4.153 NAT IP Linux 00:C0:95:E0:0E:AF 00:0B:5F:69:B2:01 00:E0:98:08:F7:E2 CISCO

  20. Visualize – Visio ;-) l Our Team 00:0B:5F:69:B2:01 00:E0:98:08:F7:E2 CISCO 192.168.4.2 WIN 192.168.4.3 192.168.4.33 192.168.4.35 192.168.4.36 192.168.4.45 WIN Linux ?Unix? Linux 192.168.4.152 192.168.4.154 192.168.4.157 192.168.4.159 192.168.4.160 Linux Linux Linux Linux Linux Activities Linked Graphs

  21. 003_activity_connections.sh Visualize: AfterGlow / Graphviz l Green Our team l l Red Other teams l l Yellow NAT IP l l Blue Neutral l 003_activity_connections.sh Zoom & Filter - tshark l Extract source & destination IP addresses tshark -r davix_workshop_captures.pcap l -e ip.src -e ip.dst -Tfields -E separator=, -R ip > ipsrc_ipdst.csv

  22. 003_activity_connections.sh Visualize: AfterGlow / Graphviz l Visualize CSV file using AfterGlow cat ipsrc_ipdst.csv | l afterglow.pl -c color1.properties -t | neato -Tpng -o ipsrc_ipdst.png l View resulting image gqview l 003_activity_connections.sh Visualize: AfterGlow / Graphviz l AfterGlow color1.properties color.source="khaki1" if ($fields[0]=~/^192\.168\.4\.1$/); l color.source="palegreen" if ($fields[0]=~/^192\.168\.4\..*/); color.source="lightblue" if ($fields[0]=~/^0\.0\.0\.0$/); color.source="lightblue" if ($fields[0]=~/^255\.255\.255\.255$/); color.source="lightblue" if ($fields[0]=~/^198\.123\.30\.132$/); color.source="lightsalmon" color.target="khaki1" if ($fields[1]=~/^192\.168\.4\.1$/); l color.target="palegreen" if ($fields[1]=~/^192\.168\.4\..*/); color.target="lightblue" if ($fields[1]=~/^0\.0\.0\.0$/); color.target="lightblue" if ($fields[1]=~/^255\.255\.255\.255$/); color.target="lightblue" if ($fields[1]=~/^198\.123\.30\.132$/); color.target="lightsalmon"

  23. 003_activity_connections.sh Visualize: AfterGlow / Graphviz l Green Our team l l Red Other teams l l Yellow NAT IP l l Blue Neutral l 003_activity_connections.sh Visualize: AfterGlow / Graphviz l Zoom Image l 192.168.4.0/24 attacking other teams l But who is the most active IP?

Recommend

Summer School Overview Day 0: R bootcamp Day 1: Workflow, Google App Engine Day 2:

Summer School Overview Day 0: R bootcamp Day 1: Workflow, Google App Engine Day 2:

Summer School Overview Day 0: R bootcamp Day 1: Workflow, Google App Engine Day 2: Online Experiments Day 3: Data wrangling, visualization Day 4: Statistics, Probabilistic models Day 5: Experience sampling Packages and

750 views • 55 slides
Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can Visualization can be startling, Still impressed by Visualization can be reveal previously It can stop crowds! the visualization... Impressive!

1.05k views • 36 slides
Visualization Visualization Understand what ConvNets learn 2 Visualization The development of

Visualization Visualization Understand what ConvNets learn 2 Visualization The development of

Day 2 Lecture 3 Visualization Visualization Understand what ConvNets learn 2 Visualization The development of better convnets Visualization can help in is reduced to trial-and-error. proposing better architectures. 3 Visualization

687 views • 37 slides
Defining Visualization Definition: Visualization Process [Munzner, 2014] "The use of

Defining Visualization Definition: Visualization Process [Munzner, 2014] "The use of

Content Motivation & Contextualization Definitions Concepts Models in Visualization From the past Different levels Theory of Visualization Process: Conceptual Models Survey ? Overview ? Knowledge-Assisted Visualization

279 views • 15 slides
Visualization CS 299 Introduction to Data Science Overview 1. What Is Visualization? 2.

Visualization CS 299 Introduction to Data Science Overview 1. What Is Visualization? 2.

5/16/18 Visualization CS 299 Introduction to Data Science Overview 1. What Is Visualization? 2. History of Visualization 3. Relationship between Visualization and Other Fields 4. The Visualization Process 5. The Scatterplot 6. The Role

609 views • 19 slides
RegionalTeamMeetingsand Bootcamp Fiveschoolsatthreecampuses

RegionalTeamMeetingsand Bootcamp Fiveschoolsatthreecampuses

RegionalTeamMeetingsand Bootcamp Fiveschoolsatthreecampuses Skype,email,Googlewave,andregionalmeetingsusedto communicatebetweencampuses.

454 views • 29 slides
Data Visualization Tools, How do you make a visualization? Is it the right visualization?

Data Visualization Tools, How do you make a visualization? Is it the right visualization?

A comment on How should we visualize data Data Visualization Tools There are two aspects of visualizations to think about: Data Visualization Tools, How do you make a visualization? Is it the right visualization? Gapminder Demo: Tableau

365 views • 3 slides
Data Visualization Brait ispuu Types of Visualization Mathematical Visualization y =

Data Visualization Brait ispuu Types of Visualization Mathematical Visualization y =

Data Visualization Brait ispuu Types of Visualization Mathematical Visualization y = x+1 Mandelbrot Scientific Visualization Data acquired via lengthy simulations Missing data must be handled Types of Visualization (2)

563 views • 27 slides
Volume Visualization Overview: Volume Visualization (1) Introduction to volume visualization On

Volume Visualization Overview: Volume Visualization (1) Introduction to volume visualization On

Volume Visualization Overview: Volume Visualization (1) Introduction to volume visualization On volume data Voxels vs. cells Interpolation Gradient Classification Transfer Functions (TF) Slice vs surface vs. volume rendering Overview:

1.35k views • 99 slides
Orientation & Selected Guest Lecture Models Nathaniel Osgood Agent-Based Modeling Bootcamp

Orientation & Selected Guest Lecture Models Nathaniel Osgood Agent-Based Modeling Bootcamp

Orientation & Selected Guest Lecture Models Nathaniel Osgood Agent-Based Modeling Bootcamp for Health Researchers August 22, 2011 Goals of Bootcamp To expose participants to basics of building agent- based models (ABMs) in AnyLogic

822 views • 22 slides
9 to Thrive 9 Tips For Success In Your New Job Maddy Beard Adobe Career Bootcamp MADDY BEARD

9 to Thrive 9 Tips For Success In Your New Job Maddy Beard Adobe Career Bootcamp MADDY BEARD

Maddy Beard Adobe Career Bootcamp 9 to Thrive 9 Tips For Success In Your New Job Maddy Beard Adobe Career Bootcamp MADDY BEARD Creative Resident, Adobe Maddy Beard Adobe Career Bootcamp Im a strategic designer with a focus on UI/UX

716 views • 44 slides
Cartographic Visualization Geographic visualization: designing manipulable maps for exploring

Cartographic Visualization Geographic visualization: designing manipulable maps for exploring

From Metaphor to Method: Cartographic Perspectives on Information Visualization Andre Skupin, Proc. InfoVis 2000, pp 91-97. An evolving cognitive-semiotic approach to geographic visualization and knowledge construction Alan M.

216 views • 7 slides
1 L Dec-1-05 SMD157, Information Visualization Overview What is information visualization?

1 L Dec-1-05 SMD157, Information Visualization Overview What is information visualization?

INSTITUTIONEN FR SYSTEMTEKNIK LULE TEKNISKA UNIVERSITET Information Visualization SMD157 Human-Computer Interaction Fall 2005 1 L Dec-1-05 SMD157, Information Visualization Overview What is information visualization? What do

710 views • 21 slides
Visualization Systems 11-1 Ronald Peikert SciVis 2008 - Visualization Systems Modular

Visualization Systems 11-1 Ronald Peikert SciVis 2008 - Visualization Systems Modular

Visualization Systems 11-1 Ronald Peikert SciVis 2008 - Visualization Systems Modular visualization environments Many popular visualization software are designed as so- called modular visualization environments (MVEs): data flow

639 views • 26 slides
Nonspatial/Information Visualization Visualization http://www.ugrad.cs.ubc.ca/~cs314/Vjan2013 2

Nonspatial/Information Visualization Visualization http://www.ugrad.cs.ubc.ca/~cs314/Vjan2013 2

University of British Columbia CPSC 314 Computer Graphics Jan-Apr 2013 Tamara Munzner Nonspatial/Information Visualization Visualization http://www.ugrad.cs.ubc.ca/~cs314/Vjan2013 2 Reading Why Do Visualization? FCG Chap 27 pictures

390 views • 11 slides
Week 6 Video 1 Visualization Learning Curves Visualization Displaying information in a

Week 6 Video 1 Visualization Learning Curves Visualization Displaying information in a

Week 6 Video 1 Visualization Learning Curves Visualization Displaying information in a meaningful fashion Visualization Should (Tufte, 1983) Show the data Induce the viewer to think about the substance Avoid distorting what the

519 views • 34 slides
Information Visualization Text: Information visualization, Robert Spence, Addison-Wesley, 2001

Information Visualization Text: Information visualization, Robert Spence, Addison-Wesley, 2001

Information Visualization Text: Information visualization, Robert Spence, Addison-Wesley, 2001 CSC 7443: Scientific Information Visualization B.B. Karki, LSU What Visualization? Process of making a computer image or graph for giving an

1.06k views • 30 slides
Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph Design Application Flow Event Multi-field Visualization Visualization Visualization Uncertainty Geo-spatial Tensor Medical Visualization

559 views • 30 slides
Introduction to Principles of integrity Information Visualization Some visualization

Introduction to Principles of integrity Information Visualization Some visualization

About This Talk What is information visualization Principles of graphical excellence Introduction to Principles of integrity Information Visualization Some visualization techniques References Kai Li E.R. Tufte, The Visual

518 views • 12 slides
Bonnie DeVarco - Co-Evolution of Geovisualization and Information Visualization Visualization for

Bonnie DeVarco - Co-Evolution of Geovisualization and Information Visualization Visualization for

Bonnie DeVarco - Co-Evolution of Geovisualization and Information Visualization Visualization for Connective, Collective, Distributed Intelligence Bonnie DeVarco Media X Visualization Vanguard Collaboratory August 12-14, 2009 Who are we?

568 views • 44 slides
Visualisatie BMT Introduction, visualization, visualization pipeline Arjan Kok Huub van de

Visualisatie BMT Introduction, visualization, visualization pipeline Arjan Kok Huub van de

Visualisatie BMT Introduction, visualization, visualization pipeline Arjan Kok Huub van de Wetering (h.v.d.wetering@tue.nl) 1 Lecture overview Goal Summary Study material What is visualization Examples

1.44k views • 55 slides
Subdivision for Graphics and Visualization Graphics & Visualization: Principles &

Subdivision for Graphics and Visualization Graphics & Visualization: Principles &

Graphics & Visualization Chapter 8 Subdivision for Graphics and Visualization Graphics & Visualization: Principles & Algorithms Chapter 8 Introduction Tensor product B-spline surfaces restrict the

1.78k views • 60 slides
Lecture 3 January 16, 2020 The Visualization Toolkit Open source library for Visualization:

Lecture 3 January 16, 2020 The Visualization Toolkit Open source library for Visualization:

CS530 - Spring 2020 Introduction to Scientific Visualization Lecture 3 January 16, 2020 The Visualization Toolkit Open source library for Visualization: Mostly sciviz, some infoviz Computer Graphics Imaging Written in C++ Supports Python

670 views • 65 slides
An R- -library for 3D visualization library for 3D visualization An R with OpenGL with OpenGL

An R- -library for 3D visualization library for 3D visualization An R with OpenGL with OpenGL

An R- -library for 3D visualization library for 3D visualization An R with OpenGL with OpenGL Oleg Nenadi , Daniel Adler, Walter Zucchini Institute for Statistics and Econometrics, University of Goettingen, Germany RGL: An R-library for

179 views • 14 slides

More recommend