bsides delhi security automation for red and blue teams
TRANSCRIPT
![Page 1: Bsides Delhi Security Automation for Red and Blue Teams](https://reader031.vdocument.in/reader031/viewer/2022022415/5a656db57f8b9a931a8b54c5/html5/thumbnails/1.jpg)
Security Automation for Red and Blue Teams
BSidesDelhi 2017
#WHOAMI
● Suraj Pratap
● Sr SecOps Engineer at Zeotap GmbH
● Bounty Hunter
● Speaker at cocon, EuropeanSec
● Write code in free time to automate
Security Automation for Red and Blue Teams
Outline
● Lifecycle of servers and applications
● Which areas of that lifecycle we automate
● Maximum use of open source technology
Servers Lifecycle
Image source: jumpcloud.com
Application lifecycle
Image source: checkmarx.com
Why I automate
● Single human resource
● 600+ servers
● 10+ applications
● Cloud infra (AWS + GCP)
● Compliance
Challenges
● Human capacity
● Tool selection and fitment
● Time
● Cost
What I automated
● Infrastructure security automation
● Security audit automation
● Offensive security automation
● Vulnerability management automation
● SIEM
Infrastructure security automation
● Hardening automation based on CIS benchmarks
○ server hardening based on CIS benchmarks
○ container hardening based on CIS benchmarks
○ firewall hardening
● Tools used
○ Ansible
○ CloudFormation
Infrastructure security automation
● Log management automation using open source tools
○ integration with the log server using open source tools
○ CloudTrail log management and integration with the syslog server
● Tools
○ Rsyslog
○ s3sync
○ Ansible
○ ELK
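An added example, not code from the talk, of the CloudTrail-to-syslog step this slide lists: it reads the gzipped JSON files that s3sync mirrors from the CloudTrail bucket, flattens each record into an RFC 5424 line with key="value" pairs that Rsyslog or ELK can parse, and sends it to the collector over UDP. The collector address, the mirror layout and the sample record are assumptions; `demo()` runs offline against a constructed file.

```python
import gzip
import json
import socket
import tempfile
from pathlib import Path

SYSLOG_ADDR = ("127.0.0.1", 514)  # assumed Rsyslog collector, not a value from the talk
PRI = 16 * 8 + 6  # facility local0, severity informational

SAMPLE_RECORD = {  # constructed CloudTrail record for the offline demo, not real data
    "eventTime": "2017-10-07T10:15:00Z", "eventSource": "iam.amazonaws.com",
    "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
}

def record_to_syslog(rec: dict, hostname: str = "cloudtrail") -> str:
    """Flatten one CloudTrail record into an RFC 5424 line with key="value" pairs."""
    ident = rec.get("userIdentity", {})
    fields = [("eventSource", rec.get("eventSource", "-")),
              ("eventName", rec.get("eventName", "-")),
              ("sourceIPAddress", rec.get("sourceIPAddress", "-")),
              ("userType", ident.get("type", "-")),
              ("userArn", ident.get("arn", "-")),
              ("errorCode", rec.get("errorCode", "-"))]  # set only on failed calls
    msg = " ".join(f'{k}="{v}"' for k, v in fields)
    # CloudTrail's eventTime is ISO 8601, which RFC 5424 accepts as the timestamp.
    return f"<{PRI}>1 {rec.get('eventTime', '-')} {hostname} cloudtrail - - - {msg}"

def iter_records(mirror: Path):
    """Yield every record from the gzipped JSON files CloudTrail delivers to S3."""
    for path in sorted(mirror.rglob("*.json.gz")):
        with gzip.open(path, "rt", encoding="utf-8") as fh:
            yield from json.load(fh).get("Records", [])

def forward(mirror: Path, addr=SYSLOG_ADDR) -> list:
    """Format every mirrored record and, unless addr is None, send it over UDP."""
    lines = [record_to_syslog(r) for r in iter_records(mirror)]
    if addr is not None:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            for line in lines:
                sock.sendto(line.encode(), addr)
    return lines

def demo() -> list:
    """Offline run: one constructed log file in a temp mirror, formatted but not sent."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "AWSLogs" / "123456789012" / "CloudTrail" / "sample.json.gz"
        log.parent.mkdir(parents=True)
        with gzip.open(log, "wt", encoding="utf-8") as fh:
            json.dump({"Records": [SAMPLE_RECORD]}, fh)
        return forward(Path(tmp), addr=None)
```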
Infrastructure security automation
● Agent management using open source tools
○ agent management automation
○ agents / AppArmor automation
● Tools
○ Ansible
○ AppArmor
Security Audit Automation
● Security audit automation using open source tools
● Report fetching automation
● Host based intrusion detection automation
● Cloud Security (AWS) audit automation
● Tools
○ Scout2
○ Prowler
○ OSSEC
○ Ansible
Offensive security automation
● Network scanning automation
○ vulnerability scanning and network discovery
● Application security scanning automation
○ vulnerability scanning
● Tools
○ OpenVAS
○ Jenkins
○ ZAP
Offensive security automation
● Source code review automation
○ static code analysis using open source tools
● Tools
○ SonarQube
○ Jenkins
Vulnerability Management Automation
● Vulnerability management using open source tools
○ Dashboard for vulnerability management
○ Network and application security
● Integration with ticketing tools
○ integration with ticketing tools such as Jira and ManageEngine
● Tools
○ Dradis
○ Vulnreport.io
Security event monitoring
● Setting up a SIEM tool
○ set up SIEM tools for cloud and on-prem
○ integration with the syslog server and CloudTrail
● Automation of the alert system
○ setting up basic rules for the SIEM
○ setting up a security dashboard
○ setting up alerting for security events/alarms
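An added example, not from the talk, of what the "basic rules" on this slide look like once CloudTrail is feeding the SIEM: four detections run over CloudTrail records in time order (root account use, CloudTrail being stopped or reconfigured, a security group ingress opened to 0.0.0.0/0, and a burst of failed console logins from one address within a window). The events are constructed; rule names, the 5-minute window and the threshold of 3 are assumptions.

```python
from datetime import datetime, timedelta
def ev(minute, name, source, ip, user_type="IAMUser", **extra):
    """Constructed CloudTrail-style record for the offline demo (not real data)."""
    return {"eventTime": f"2017-10-07T10:{minute:02d}:00Z", "eventName": name, "eventSource": source,
            "sourceIPAddress": ip, "userIdentity": {"type": user_type}, **extra}

EVENTS = [
    *[ev(m, "ConsoleLogin", "signin.amazonaws.com", "198.51.100.7",
         responseElements={"ConsoleLogin": "Failure"}) for m in (0, 1, 2)],
    ev(30, "DescribeInstances", "ec2.amazonaws.com", "203.0.113.5", user_type="Root"),
    ev(31, "StopLogging", "cloudtrail.amazonaws.com", "203.0.113.5"),
    ev(32, "AuthorizeSecurityGroupIngress", "ec2.amazonaws.com", "203.0.113.5",
       requestParameters={"ipPermissions": {"items": [{"fromPort": 22, "toPort": 22,
           "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}),
]

def root_usage(rec):
    """Rule: any API call made with the account's root credentials."""
    return "root account used" if rec["userIdentity"].get("type") == "Root" else None

def trail_tampering(rec):
    """Rule: CloudTrail logging stopped or reconfigured, which blinds the SIEM."""
    if rec["eventSource"] == "cloudtrail.amazonaws.com" and rec["eventName"] in {"StopLogging", "DeleteTrail", "UpdateTrail"}:
        return f"CloudTrail {rec['eventName']}"

def open_to_world(rec):
    """Rule: a security group ingress rule was opened to 0.0.0.0/0."""
    if rec["eventName"] != "AuthorizeSecurityGroupIngress":
        return None
    for perm in rec.get("requestParameters", {}).get("ipPermissions", {}).get("items", []):
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                return f"port {perm.get('fromPort')}-{perm.get('toPort')} open to 0.0.0.0/0"
    return None

def run_rules(events, window=timedelta(minutes=5), threshold=3):
    """Evaluate records in time order; returns (rule, eventTime, detail) alerts."""
    alerts, failures = [], {}  # failures: source IP -> timestamps of failed console logins
    for rec in sorted(events, key=lambda r: r["eventTime"]):
        for rule in (root_usage, trail_tampering, open_to_world):
            detail = rule(rec)
            if detail:
                alerts.append((rule.__name__, rec["eventTime"], detail))
        if rec["eventName"] == "ConsoleLogin" and rec.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            t, ip = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"), rec["sourceIPAddress"]
            failures[ip] = [x for x in failures.get(ip, []) if t - x <= window] + [t]
            if len(failures[ip]) == threshold:  # fire once, when the threshold is crossed
                alerts.append(("console_login_failures", rec["eventTime"],
                               f"{threshold} failed console logins from {ip} within {window}"))
    return alerts
```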
Security event monitoring
● Tools
○ AlienVault
○ ELK
Q&A
Send your questions
Email: [email protected]
Twitter: @surajraghuvansh
Github: https://github.com/surajraghuvanshi/