What a fun day! Thanks to all who attended my session at the Northern Ohio Security Summit, “TRUE CRIME – the first 48 hours in your network”. It was a packed house!
As promised, here are some resources to enable you to LIGHT up your network.
Feel free to hit me up on LinkedIn with any questions.
Link to presentation – TimRoth_ClevelandSecuritySummit10_26
XBOX HACKERS
https://www.wired.com/story/xbox-underground-videogame-hackers/
https://darknetdiaries.com/episode/45/
-> Interrogating the Network (means to pull data from the network)
Means to enable packet capture – just an example
Packet Capture in Cisco Router and Switches
Netflow
Application visibility with Netflow (NO FIREROUTER required)
Available IPFIX/NetFlow records
-> Collecting the Artifacts (means to collect the data)
1. Flow Collection
ELK Stack – collecting NetFlow with the ELK Stack + ElastiFlow
https://github.com/robcowart/elastiflow/blob/master/INSTALL.md
Set up ElastiFlow (NetFlow visualization tool for the ELK Stack)
https://www.catapultsystems.com/blogs/install-elastiflow-on-ubuntu-18-04-part-1/
https://www.catapultsystems.com/blogs/install-elastiflow-on-ubuntu-18-04-part-2/
https://www.catapultsystems.com/blogs/install-elastiflow-on-ubuntu-18-04-part-3/
2. Packet Collection
SNORT
Run Snort on your Cisco Router
ZEEK/BRO
An Introduction to Threat Hunting With Zeek (Bro)
ETA/JOY – Encrypted Traffic Analytics
Presentation on Cisco ETA/Project Joy
Slide Deck – Cisco ETA/Project Joy
Resources Referenced
TALOS BLOG
https://talosintelligence.com/
https://talosintelligence.com/software (Open Source Projects – Snort, Immunet)
Books Referenced
https://www.amazon.com/Network-Security-Through-Data-Analysis/dp/1449357903
https://www.amazon.com/Network-Security-NetFlow-IPFIX-Information/dp/1587144387