Upload File

cansecwest 2014 presentation: "intelligent use of intelligence: design to discover"

  • Home
  • Technology
  • CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"
37
INTELLIGENT USE OF INTELLIGENCE DESIGN TO DISCOVER CanSecWest 2014 Ping Yan : @pingpingya & Thibault Reuille : @ThibaultReuille 1 Monday, March 17, 14

Upload: opendns

Post on 18-Dec-2014

1.277 views

Category:

Technology


4 download

Report

DESCRIPTION

 

TRANSCRIPT

Page 1: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

INTELLIGENT USE OF INTELLIGENCE

DESIGN TO DISCOVERCanSecWest 2014

Ping Yan : @pingpingya&

Thibault Reuille : @ThibaultReuille

1

Monday, March 17, 14

Page 2: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

PING@pingpingya

Data Mining, Machine Learning

InfoSec2

Monday, March 17, 14

Page 3: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

THIBAULT

Parisian, moved to Cali in 2010

Security and Visualization ?

Demoscene rocks !3

Monday, March 17, 14

Page 4: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

4

Monday, March 17, 14

Page 5: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

AGENDA

01100100011000010111010001100001

Use cases - Cryptolocker

Conclusion

5

Big Data

Intelligence

Monday, March 17, 14

Page 6: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

6

Continuous monitoring of everything? Yeah, sure …

data != intelligence

THE HAYSTACK PROBLEM

Monday, March 17, 14

Page 7: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

7

Monday, March 17, 14

Page 8: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

8

Monday, March 17, 14

Page 9: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

8

Monday, March 17, 14

Page 10: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

9

Monday, March 17, 14

Page 11: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

10

EXPLORATION PROCESS

Monday, March 17, 14

Page 12: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

10

seed

EXPLORATION PROCESS

Monday, March 17, 14

Page 13: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

10

seed

EXPLORATION PROCESS

Monday, March 17, 14

Page 14: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

10

seed

EXPLORATION PROCESS

Monday, March 17, 14

Page 15: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

10

seed

EXPLORATION PROCESS

Monday, March 17, 14

Page 16: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

10

seed Raw

Refined

EXPLORATION PROCESS

Monday, March 17, 14

Page 17: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

10

seed Raw

Refined

Intelligence

EXPLORATION PROCESS

Monday, March 17, 14

Page 18: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

11

TIME SPACE

TRANSACTIONS/NETWORK Hunches

spiked in the past hour? clustered by geo?

Alice talked to Bob?

4-D APPROACH TO DATA

Monday, March 17, 14

Page 19: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

12

22+

OPENDNS’S HAYSTACK

Monday, March 17, 14

Page 20: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

13

Monday, March 17, 14

Page 21: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

14

3D view !

Monday, March 17, 14

Page 22: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

15

Security Graph 3D

Monday, March 17, 14

Page 23: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

FRAMEWORK

16

Data Extraction

Monday, March 17, 14

Page 24: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

FRAMEWORK

17

Visualization Engine

Monday, March 17, 14

Page 25: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

PARTICLE PHYSICS

18

Force Directed Layout

Monday, March 17, 14

Page 26: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

PARTICLES

19

Monday, March 17, 14

Page 27: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

WHY ?Shape Algorithms populate our knowledge graph Creation is understood, output is complex Layout defined by model structure Closer to the “natural shape” of data Take advantage of the GPU to untangle information

Evolution Security Graph is dynamic, constantly changing Monitoring evolution over time

Investigation Humans are better at processing shapes than numbers Solid tool to build hypothesis / heuristics

20

Monday, March 17, 14

Page 28: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

NATURAL CLUSTERING

21

Malicious domains hosting Nuclear exploit kits (pink) to Hosting IPs (Yellow) graph

Monday, March 17, 14

Page 29: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

1. Infection2. Retrieve encryption key from CnC3. Encrypt data files4. Collect money

IP CnC fails quickly

DGA!

22

USE CASE #2 : CRYPTOLOCKER

Monday, March 17, 14

Page 30: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

23

Monday, March 17, 14

Page 31: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

24

CO-OCCURRENCES

Monday, March 17, 14

Page 32: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

CO-OCCURRENCES

25

Monday, March 17, 14

Page 33: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

ALGORITHM

26

Monday, March 17, 14

Page 34: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

Ripple Effect on Co-occurrences

27

Monday, March 17, 14

Page 35: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

USE CASE #3

28

Random Walk Live Demo

Monday, March 17, 14

Page 36: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

FUTURE WORK

Over-TimeVisualizing data evolution over time (Currently in development)

ScalingPort Force-Directed algorithm to OpenCL

DetectionThreat pattern detection (Find sub-graph inside Security Graph)

Example: DGA “nests”

Modern Human-Computer interactionLeap Motion, Oculus, 3D glasses ...

29

Monday, March 17, 14

Page 37: CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Discover"

[email protected]

@pingpingya

[email protected]

@ThibaultReuillethibaultreuille.tumblr.com

Bloghttp://labs.umbrella.com

30

Monday, March 17, 14

mailto:[email protected]
mailto:[email protected]
https://twitter.com/pingpingya
https://twitter.com/pingpingya
mailto:[email protected]
mailto:[email protected]
https://twitter.com/pingpingya
https://twitter.com/pingpingya

Mudge CanSecWest 2013 1 Distribution A: Approved for Public Release, Distribution Unlimited

intelligent MACHINE CONTROL DOZERSRead all about Komatsu’s revolutionary intelligent Machine Control dozers and how they can maximize production and lower costs. NEW PRODUCT Discover

Reliable Windows Heap Exploits Matt Conover & Oded Horovitz CanSecWest 2004

Company Profile · business intelligence software. ZYGY is an Artificial Intelligence (AI) technology, Intelligent Agent that emulates human cognitive activities to discover findings

The intelligent Etac E800 range of powerchairs future of independent powerchair living with the intelligent Etac E800 range discover From the Scandinavian specialists behind the world’s

1 Copyright © 2011 Juniper Networks, Inc. AppSecure Brad Woodberg, Juniper Networks [email protected] CanSecWest 2011 Network Application

Reverse Engineering Malicious Javascript - CanSecWest

Intelligent Safety Technologies to Drive Towards …...analytics and smart planet infrastructure such as sensors, GPS devices, Mobile devices and smart meters. Specifically, discover

Watson Knowledge Catalog - PR3 Systems · 2018-11-15 · Knowledge Catalog Watson Studio Build, Deploy, Learn Discover Intelligent discovery of data with advanced classification and

Playing with network layers to bypass firewalls - CanSecWest

Smart TV Security - CanSecWest Applied Security Conference

Exploitation - CanSecWest

Web Wreck-utation - CanSecWest 2008

Corey Benninger Max Sobell - CanSecWest

Discover more, discover faster. - Linguamatics

Individual. Intuitive. Intelligent.tools.thermofisher.com/content/sfs/brochures/BR-HAAKE-Vi...Individual. Intuitive. Intelligent. Discover the difference. Thermo Scientific HAAKE Viscotester

Drawing pictures from code CanSecWest 2002 Halvar Flake Reverse Engineer Blackhat Consulting Graph-Based Binary Analysis

Movement made easy. Discover the advantages of intelligent ... · and making completely new demands on mobility. Social developments ... new mobility concepts but also a holistic

1 © Mandiant, a FireEye Company. All rights reserved. CONFIDENTIAL THERE’S SOMETHING ABOUT WMI CANSECWEST 2015

Local Privilege Escalation By Hijacking The VMware VMX Process Sun Bing [email protected] CanSecWest 26 th MAR 2008

Learning analytics is the use of intelligent data, learner-produced data, and analysis models to discover information and social connections, and to predict

Insiders View: Network Security Devices - CanSecWest Applied

Technical Support Appliance (TSA) - APSU · • Technical support appliance can discover data from critical systems connected to a network. • Through intelligent and advanced analytics,

Virtually Secure Oded Horovitz VMware R&D CanSecWest March, 2008

CanSecWest 2013 - iOS 6 Exploitation 280 Days Later

Discover Leadership / Discover Excellence / Discover Success

THE NEW BMW 5 SERIES SALOON. - time4leasing.co.uk · discover ultimate driving pleasure: the unique combination of elegant and dynamic design, intelligent bmw technologies and innovative

Black Box Auditing Adobe Shockwave Aaron Portnoy and Logan Brown, TippingPoint DVLabs March 9 th, 2011: CanSecWest

SMB Innovation Summit 2019 Internal | SAP Employees and ... · Discover the Intelligent Enterprise in SME Mario Fetzner, SME Partner Innovation Management - MEE Marco Mondino, SME

LIVE FREE ORHACK HARD - CanSecWest · • Ruby shell available at any time. CANSECWEST 2007 scalability ... • timestomp (f*off Encase) ... • Write security tools as modules

Virtually Secure Oded Horovitz VMware R&D CanSecWest March, 2008

Attacking Web Services - CanSecWest

INDUSTRY X.0 CENTER · 2019-07-02 · Industry X.0 Center Intelligent and Cybersecure Industry We invite you to discover the new Industry X.0 Center in Bilbao, dedicated to intelligent

Discover the benefits of flexible global care ......Intelligent solutions 46.02.430.1-APHK D (10/14) Discover the benefits of flexible ... Product summary 4 Benefits schedule 6 Questions

The netFLEX legacy & next generation netFLEX · 2018. 7. 10. · ˜ Coriant ˜ Fujitsu ˜ Infinera ˜ Juniper ˜ Nokia Discover & Analyze ˜ 200+ varied NE’s Intelligent, Carrier