Jasper Bongertz, Airbus CyberSecurity @packetjay Scanning for - PowerPoint PPT Presentation

Sep 16, 2023 •292 likes •380 views

Jasper Bongertz, Airbus CyberSecurity @packetjay Scanning for network IoCs is relatively easy: use an IDS/IPS snort, suricata, commercial appliances Perform live traffic analysis, or from PCAPs @packetjay IDS scan can easily result

Jasper Bongertz, Airbus CyberSecurity @packetjay
Scanning for network IoCs is relatively easy: use an IDS/IPS snort, suricata, commercial appliances Perform live traffic analysis, or from PCAPs @packetjay
IDS scan can easily result in tons of alerts Alerts are often spread over hundreds of PCAPs, containing millions of packets Main challenge : alerts usually contain info about the matching packet only @packetjay
[**] [1:2101201:11] GPL WEB_SERVER 403 Forbidden [**] [Classification: Attempted Information Leak] [Priority: 2] 06/04-02:09:08.142211 81.209.179.120:80 -> 142.4.215.116:56182 TCP TTL:55 TOS:0x14 ID:19599 IpLen:20 DgmLen:412 DF ***A**** Seq: 0xD5D42DAC Ack: 0x3C270191 Win: 0xA580 TcpLen: 32 The newer unified2 format is a binary format, which does not contain the rule name (just the SID, e.g. 1:2101202:11) @packetjay
The challenge is to get the full attack/alert context, e.g. the whole TCP conversation Searching in Wireshark using display filters: Yup, it‘s possible of course but it‘s no fun and it‘s slooooooooow Even with tshark scripting: running over all files again and again for each conversation is not efficient @packetjay
TraceWrangler: www.tracewrangler.com Mail: jasper@packet-foo.com Blog: blog.packet-foo.com Twitter: @packetjay @packetjay

Recommend

Speech to RIOT Jasper, how is the temperature? Jasper, re-order paper towels. Jasper, set a

Jasper, turn on the fan. Jasper, what's on my calendar today? Speech to RIOT Jasper, how is the temperature? Jasper, re-order paper towels. Jasper, set a timer for 20 minutes. Jasper, play music. Speech to RIOT

509 views • 14 slides

Auditors presentation AGM 16 April 2020 of Airbus SE Introduction and overview Airbus SE

Auditors presentation AGM 16 April 2020 of Airbus SE Introduction and overview Airbus SE Ernst & Young Accountants LLP Scope 2019 Consolidated financial statements plus notes thereto True and fair view: Independent

272 views • 5 slides

ABOUT JASPER CONRAN Jasper Conran, OBE, is a British designer. Having trained at Parsons School

ABOUT JASPER CONRAN Jasper Conran, OBE, is a British designer. Having trained at Parsons School of Design in New York, Jasper Conran produced his fjrst womenswear collection in 1978 and was a founding member of the London Designer Collections

469 views • 30 slides

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides

Mars Climate Orbiter Shooting Down of Airbus 320 Purpose: to relay signals 1988 from the

Mars Climate Orbiter Shooting Down of Airbus 320 Purpose: to relay signals 1988 from the Mars Polar US Vicennes shot down Airbus 320 Lander once it reached the surface of the planet Mistook airbus 320 for a F-14 Disaster:

282 views • 9 slides

New Technology Platform Jasper Display Corp. Jasper Display Corp. Confidential Confidential

Jasper Display Corp. New Technology Platform Jasper Display Corp. Jasper Display Corp. Confidential Confidential Page 1 Page 1 BLUE OCEAN STRATEGY Optics & Materials couple electronics, mechanics, productization and mass production

526 views • 25 slides

AIRBUS INVESTOR MEETING LE BOURGET AIRSHOW 2019 Dirk Hoke Chief Executive Officer Airbus

AIRBUS INVESTOR MEETING LE BOURGET AIRSHOW 2019 Dirk Hoke Chief Executive Officer Airbus Defence and Space MARKET ENVIRONMENT We must take charge of Europes destiny, says Chancellor WHERE WE COME FROM Improved Programme Management

332 views • 9 slides

Airbus A380 Airfield Preparedness Prepared for: Citizens Transportation Advisory Committee

Airbus A380 Airfield Preparedness Prepared for: Citizens Transportation Advisory Committee May 25, 2011 Airbus A380 in MIA On March 31, 2011, Lufthansa announced that it will commence daily Airbus A380 service to Miami from

699 views • 40 slides

WHO WE ARE OUR FLEET Interjet fleet Airbus A320 (47 ceo & 3 neo) 50 150 passengers Airbus

WHO WE ARE OUR FLEET Interjet fleet Airbus A320 (47 ceo & 3 neo) 50 150 passengers Airbus A321 (6 ceo & 6 neo) 12 192 passengers SSJ100 22 93 passengers DESTINATIONS Mexico ROUTES MEXICO ACA-MEX BJX-CUN CJS-MEX CUL-TIJ

574 views • 26 slides

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH - BODY SCANNING - REAL-TIME INTEGRATION MODELLING/TEXTURING - LIGHTING + RENDERING - CAMERA ANIMATION - MODELLING - HEAD TRACKING -

728 views • 42 slides

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides

Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

3/12/20 Cases & Straps Mounts, stands, clamps. Types of Scanning 1 Switch Automatic Step/Dwell Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan) Switches SG SGD Sc Scan an

270 views • 4 slides

Why the dynamic Operator Training Simulator proofs to be an Indispensable Tool Jasper Rutten

Why the dynamic Operator Training Simulator proofs to be an Indispensable Tool Jasper Rutten Huntsman Henk Leegwater OTS Twitter Conference Hashtag: #EMRex Presenters Jasper Rutten Henk Leegwater Introduction Jasper Rutten

959 views • 56 slides

Quantum Computing & Experience with D-Wave system Dr. Thierry Botter 12 April 2018 We are a

Airbus perspective on Quantum Computing & Experience with D-Wave system Dr. Thierry Botter 12 April 2018 We are a worldwide leader in aeronautics, space and related services : We make it fly! Airbus by numbers (end of 2017) Airbus

404 views • 13 slides

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR Scanning Overview Scanning background Applications Strengths Weaknesses Scanning Examples Fisher Associates LiDAR = light

610 views • 20 slides

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides

credal networks under epistemic irrelevance Jasper De Bock 7

WPMSIIP 2013 credal networks under epistemic irrelevance Jasper De Bock 7 September 2013, Lugano Research group SYSTeMS Jasper De Bock Gert de

730 views • 41 slides

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides

FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath

FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath Nielson nielsonhe@ldschurch.org Digitizing Microfilm Scan as efficiently as possible At 30 minutes a roll, it would require a single scanner

471 views • 21 slides

Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as

1 Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as large as a ping-pong ball... ...the tip would have the size of the L. J. Heyderman Matterhorn! 3 Magnetic Force Microscopy Stray field

147 views • 14 slides

AIRBUS GROUP H1 2016 ROADSHOW PRESENTATION KEPLER CHEUVREUX AUTUMN CONFERENCE PARIS, 15

AIRBUS GROUP H1 2016 ROADSHOW PRESENTATION KEPLER CHEUVREUX AUTUMN CONFERENCE PARIS, 15 SEPTEMBER 2016 HARALD WILHELM CFO AIRBUS GROUP H1 2016 HIGHLIGHTS 2 Robust and diversified commercial backlog supporting ramp-up H1

509 views • 15 slides

Analysis of Program Differences with Numerical Abstract Interpretation Airbus LIP6 day David

Running example Concrete semantics Abstract semantics Evaluation References Analysis of Program Differences with Numerical Abstract Interpretation Airbus LIP6 day David Delmas 1, 2 e 2 Antoine Min 1 Airbus EYYW 2 LIP6 APR 20 february

925 views • 64 slides

State sequence prediction in imprecise hidden Markov models Jasper De Bock & Gert de Cooman

State sequence prediction in imprecise hidden Markov models Jasper De Bock & Gert de Cooman 27 July 2011 Jasper De Bock & Gert de Cooman Jasper De Bock & Gert de Cooman Research group SYSTeMS Jasper De Bock Gert de Cooman Research

623 views • 39 slides