![Page 1: Fighting the Good Fight - Slug · 2020. 2. 4. · Put honeypots “outside” your firewall. Do recon “outside” your firewall. ... When the bad guys bring down your site(s) by](https://reader035.vdocument.in/reader035/viewer/2022071216/604714753e44236cf55bee7f/html5/thumbnails/1.jpg)
Fighting the Good Fight
Reactive Security in a DDOS World
Presented by:
Michael Ward - Network Security Data Officer
UT Chattanooga
https://slug.utc.edu
Additional Information by:
Christopher Howard - Director, Network Engineering
Michael Dinkins - Senior Information Security Officer
&&
Jeff Kell - Too many to list....
Follow your company's policies and procedures!
Get a CYA letter signed by your CIO!
Never react in anger or pride!
You are responsible for any damage you cause!
Reacting Without Invoking the Wrath of the Skiddies
● Safety First. Backup. Verify. Test.
● Use “Drop” instead of “Reset”
● Practice Defense in Depth. Security is about layers.
● Put honeypots “outside” your firewall. Do recon “outside” your firewall.
● Enable host based detection with passive reaction. Whitelists!!
● Perform centralized logging and correlation.
● Do analysis in virtualized or isolated environments. Connect via remote access.
● Do not make contact with a “hacker” or “script kiddie.”
● Report your findings as appropriate.
What is a DDOS?
When the bad guys bring down your site(s) by using a distributed denial of service (DDOS) attack, usually performed by a botnet or zombie horde.
Why?
● Financial Gain
● Differences in Philosophy
● Just for the LoLs
Example: Distributed DNS Amplification Attack, NTP, TFTP.
https://www.stateoftheinternet.com/downloads/pdfs/Q2-2015-SOTI-Executive-Summary.pdf
http://securityaffairs.co/wordpress/37819/cyber-crime/cost-of-ddos-attacks.html
More Information on DDoS
● https://en.wikipedia.org/wiki/Denial-of-service_attack
● http://www.digitalattackmap.com/
● https://www.fortinet.com/sites/default/files/whitepapers/DDoS-Attack-Mitigation-Demystified.pdf
Network Security Monitoring: Network Based
● https://www.snort.org/ (Grand Daddy. Signature Based. SINGLE THREADED!)
● http://oisf.net/suricata/
● https://www.bro.org/
● https://quadrantsec.com/sagan_log_analysis_engine/
Network Security Monitoring: Host Based
● http://ossec.github.io/ (Linux, Windows. Signature and File Signing. Blocking)
● http://aide.sourceforge.net/ (Linux, BSD. File Signing)
● https://sourceforge.net/projects/logwatch/files/ (Linux. Signature)
● http://www.fail2ban.org/ (Linux. Signature. Blocking)
● http://www.bfguard.com/ (Windows. Signature. Blocking)
● http://nerderies.blogspot.com/ (Windows. RDP. Blocking)
Network Security Monitoring: Honeypots
● http://labrea.sourceforge.net/ (Tarpit Honeypot)
● http://dtag-dev-sec.github.io/ (T-Pot Multiple Honeypot ISO)
● http://bruteforce.gr/honeydrive (Multiple Honeypot VM)
● http://www.atomicsoftwaresolutions.com/ (Windows Based)
● https://github.com/micheloosterhof/cowrie (SSH)
● https://www.honerix.com/ (Web Attack Honeypot)
● http://threatstream.github.io/mhn/ (Manage Multiple Honeypot Servers)
Network Security Monitoring: Centralized Logging
● Set Up a Centralized Syslog Server - http://www.rsyslog.com/receiving-messages-from-a-remote-system/
● Forward Linux Syslog to Central Server - http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/
● Windows Events to Central Server - http://www.solarwinds.com/products/freetools/log-forwarder.aspx#
● Forward WiFi Access!
● Monitor Syslog Server Disk Space. Rotate Logs w/Compression. https://support.rackspace.com/how-to/understanding-logrotate-utility/
Network Security Monitoring: Snorby
Network Security Monitoring: Kibana
Network Security Monitoring: The Security Onion
● “All in One” Solution VM or ISO.
● Network and Host based Intrusion Detection Systems (Snort, OSSEC)
● Log Capture (Syslog)
● Event Correlation and Analysis (Kibana, ElasticSearch, Bro, Suricata,...)
● Packet Capture (tcpdump)
● https://github.com/Security-Onion-Solutions/security-onion/wiki/IntroductionToSecurityOnion
Intermission 1: Shodan.io
● https://account.shodan.io/register (email [email protected] for a free upgrade to your educational account)
● Find vulnerable services on your network and ports you didn’t know were open.
● Book by the creator of Shodan https://leanpub.com/shodan
● https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf
● https://www.youtube.com/watch?v=XB-vjRCwa9E
● Google redirects to Shodan
Reactive Security Example: Labrea Tarpit
Labrea - Catch ’Em. http://labrea.sourceforge.net/
Snort - Watch ’Em. https://snort.org/
SnortSam - Block ’Em. http://www.snortsam.net/
2016/01/28, 20:11:18, 150.xxx, 2, snortsam, Blocking host 111.255.75.82 completely for 3600 seconds (Sig_ID: 3133700).
2016/01/28, 20:11:54, 150.xxx, 2, snortsam, Blocking host 222.189.40.171 completely for 3600 seconds (Sig_ID: 3133700).
2016/01/28, 20:12:05, -, 2, snortsam, Removing 3600 sec complete block for host 58.214.233.179.
2016/01/28, 20:12:17, -, 2, snortsam, Removing 3600 sec complete block for host 142.54.180.154.
Tarpit Count: 03/15 00.00.00-08:54:21
Count  Port
178    3389
120    5900
118    25
99     22
61     443
49     80
47     23
24     902
24     49919
23     8080
17     11211
Reactive Security Example: Cowrie and Dshield
Cowrie (Kippo) Honeypot
https://www.dshield.org/howto.html (Ports, SSH, and 404 Errors)
https://isc.sans.edu/diary/Dockerized+DShield+SSH+Honeypot/20845
Reactive Security Example: OSSEC Active Response
Reactive Security Example: UFW and DShield
https://isc.sans.edu/howto.html
https://isc.sans.edu/clients/ubuntu.html
Reactive Security Example: Top 20 Dshield Block List
# This list summarizes the top 20 attacking class C (/24) subnets
# over the last three days. The number of 'attacks' indicates the
# number of targets reporting scans from this subnet.
https://isc.sans.edu/block.txt
https://zeltser.com/malicious-ip-blocklists/
https://isc.sans.edu/forums/diary/Subscribing+to+the+DShield+Top+20+on+a+Palo+Alto+Networks+Firewall/19365/
https://cyber-defense.sans.org/blog/2011/10/25/windows-firewall-script-block-addresses-network-ranges
http://www.cyberciti.biz/faq/iptables-read-and-block-ips-subnets-from-text-file/
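One way to turn a list like this into host firewall rules while keeping two of the earlier rules from this deck, "Use Drop instead of Reset" and "Whitelists!!". This is an added example, not code from the presentation or from DShield. It assumes block.txt is tab-separated (start, end, prefix length, attack count, ...); the chain name DSHIELD, the whitelist, the MIN_PREFIX limit and the sample rows (documentation address ranges) are constructed for illustration.

```python
"""Turn a DShield-style block list into iptables-restore DROP rules."""
import ipaddress

# Constructed sample in the layout assumed for block.txt: '#' comment lines,
# a column-header row, then tab-separated start, end, prefix length, attacks.
# Addresses are documentation or private ranges, not real list entries.
SAMPLE_BLOCKLIST = (
    "# This list summarizes the top 20 attacking class C (/24) subnets\n"
    "Start\tEnd\tNetmask\tAttacks\tName\tCountry\temail\n"
    "192.0.2.0\t192.0.2.255\t24\t4211\tEXAMPLE-NET-1\tZZ\tabuse@example.net\n"
    "198.51.100.0\t198.51.100.255\t24\t3890\tEXAMPLE-NET-2\tZZ\tabuse@example.net\n"
    "203.0.113.0\t203.0.113.255\t24\t2954\tEXAMPLE-NET-3\tZZ\tabuse@example.net\n"
    "10.1.2.0\t10.1.2.255\t24\t17\tBOGUS\tZZ\t-\n"
    "not-an-ip\tgarbage\t24\t1\n"
)

# Hypothetical whitelist: internal space plus a partner range that must
# never be blocked, whatever an external feed says.
WHITELIST = ["10.0.0.0/8", "198.51.100.0/25"]
CHAIN = "DSHIELD"   # hypothetical user-defined chain name
MIN_PREFIX = 16     # refuse entries wider than a /16 (e.g. a corrupt /0)


def parse_blocklist(text):
    """Return the IPv4 networks listed in text, skipping anything malformed."""
    networks = []
    for line in text.splitlines():
        fields = line.split("\t")
        if line.startswith("#") or len(fields) < 3:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{int(fields[2])}", strict=True)
            end = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # column-header row or corrupt entry
        # An entry must be internally consistent and not absurdly wide.
        if net.version == 4 and end == net.broadcast_address and net.prefixlen >= MIN_PREFIX:
            networks.append(net)
    return networks


def select_networks(networks, whitelist):
    """Split networks into (blocked, skipped); skipped ones overlap the whitelist."""
    allowed = [ipaddress.ip_network(w) for w in whitelist]
    blocked, skipped = [], []
    for net in networks:
        if any(net.overlaps(a) for a in allowed):
            skipped.append(net)   # leave for a human to review
        else:
            blocked.append(net)
    return blocked, skipped


def render_rules(blocked, chain=CHAIN):
    """Render iptables-restore input that silently drops the blocked networks."""
    lines = ["*filter", f":{chain} - [0:0]"]
    # DROP, not REJECT: no reset or ICMP error goes back to the source.
    lines += [f"-A {chain} -s {net} -j DROP" for net in blocked]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    blocked, skipped = select_networks(parse_blocklist(SAMPLE_BLOCKLIST), WHITELIST)
    for net in skipped:
        print(f"# not blocked, overlaps whitelist: {net}")
    print(render_rules(blocked), end="")
```

The output is meant for `iptables-restore --noflush`; the jump from INPUT to the chain is added separately and is not shown.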
Reactive Security Example: Fail2Ban
Utilizes host firewall (IPTables)
http://www.fail2ban.org/
2016-02-01 14:18:18,916 fail2ban.actions[26095]: WARNING [apache-badbots] Ban 61.148.124.38
2016-02-01 15:04:59,542 fail2ban.actions[26095]: WARNING [apache-badbots] Unban 61.148.124.38
2016-01-26 07:19:45,872 fail2ban.actions[26095]: WARNING [apache-badbots] Ban 173.161.52.213
2016-01-26 08:06:26,419 fail2ban.actions[26095]: WARNING [apache-badbots] Unban 173.161.52.213
...
2016-03-16 10:17:34,507 fail2ban.actions[26095]: WARNING [spam] Ban 107.179.1.66
2016-03-16 10:45:03,250 fail2ban.actions[26095]: WARNING [spam] Ban 81.38.220.162
2016-03-16 10:48:54,225 fail2ban.actions[26095]: WARNING [spam] Ban 94.98.79.202
Reactive Security Example: LogWatch
Reactive Security Example: Syslog, Cron, and Grep
Reactive Security Example: Phishing
Reactive Security Example: Phishing Cont.
When sending email, do not include phishing links as text, as good spam filters will prevent delivery. Instead, send image files or PDFs.
Intermission 2: What To Read
● http://www.newsnow.co.uk/h/Industry+Sectors/Information+Technology/Security
● https://www.reddit.com/r/netsec/
● https://www.reddit.com/r/sysadmin/
● https://www.reddit.com/r/computerforensics
● https://www.reddit.com/r/Malware
● https://news.ycombinator.com/newest
● https://www.grahamcluley.com/
● http://insecure.org/news/fulldisclosure/ (Sign Up)
● https://www.sans.org/newsletters/newsbites/
● Twitter: @edskoudis @e_kaspersky @GabeAul @SGgrc @NakedSecurity @gcluley @msftsecurity
@briankrebs @Carlos_Perez @thurrott @hdmoore @USCERT_gov @sans_isc @schneierblog
Reactive Security Example: Cowrie Binaries
Reactive Security Example: Cowrie Binaries Cont.
http://www.ircbeginner.com/ircinfo/ircc-commands.html
Time to email [email protected] with gathered data in PDF form.
Reactive Security Example: Submit What You’ve Found
● Follow Your Company’s Policies and Procedures!
● http://www.ic3.gov/default.aspx
● https://www.justice.gov/criminal-ccips/reporting-computer-internet-related-or-intellectual-property-crime
● https://isc.sans.edu/contact.html
● https://www.shadowserver.org/wiki/pmwiki.php/Involve/SubmitABotnet
Reactive Security: Online Resources
● https://zeltser.com/automated-malware-analysis/
● http://www.malware-analyzer.com/#!analysis-tools/galleryPage
● https://exchange.xforce.ibmcloud.com/
● http://www.amanhardikar.com/mindmaps/ForensicChallenges.html
● http://downdetector.com/
● http://www.toolswatch.org/
● https://www.kali.org/
● http://digital-forensics.sans.org/community/downloads
● http://www.docspal.com/viewer
● http://www.gfi.com/blog/the-sys-admins-compendium-of-cheat-sheets-quick-reference-cards-and-one-pagers/
New Find: Heralding Honeypot
https://www.honeynet.org/node/1321