Slideshows by User: jasontrost
SlideShare feed for Slideshows by User: jasontrost (last updated Fri, 16 Sep 2016 12:12:48 GMT)

Anomali Detect 2016 - Borderless Threat Intelligence
/jasontrost/anomali-detect-2016-borderless-threat-intelligence
Fri, 16 Sep 2016 12:12:48 GMT, by Jason Trost (jasontrost)
Self and supply chain monitoring using External Threat Intelligence. Presented at Anomali Detect 2016.

R-CISC Summit 2016 Borderless Threat Intelligence
/slideshow/rcisc-summit-2016-borderless-threat-intelligence/66093304
Fri, 16 Sep 2016 12:12:14 GMT, by Jason Trost (jasontrost)
Self and supply chain monitoring using External Threat Intelligence. Presented at R-CISC Summit 2016.

SANS CTI Summit 2016 Borderless Threat Intelligence
/slideshow/sans-cti-summit-2016-borderless-threat-intelligence/57998371
Mon, 08 Feb 2016 10:22:50 GMT, by Jason Trost (jasontrost)
This past year was the year of the data breach. Large and small organizations across every industry vertical were impacted by compromises that ranged from theft of PII, intellectual property, and financial information to publication of entire backend databases and email spools. The data from these breaches often wound up being exposed publicly, exchanged or sold on underground markets, or simply leveraged to breach other organizations. Many of these breaches have cascading effects due to the transitive nature of security that exists across many companies. Many companies rely on critical business partners, subsidiaries, and other organizations whose services are trusted. Also, due to password reuse, customers' accounts included in a 3rd party data dump could enable unauthorized access to another business's assets. In this talk we outline through case studies several ways that Threat Intelligence is being used today to improve the security and awareness of organizations by monitoring "supply chain" partners, customers, and trusted 3rd parties. Specifically we will discuss brand monitoring, mass credential compromises, signs of infection/compromise, and signs of targeting and social networking data-mining. We will outline how organizations can effectively integrate this practice into their existing security programs.

BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
/slideshow/bsidesnyc-an-adversarial-view-of-saas-malware-sandboxes/57142007
Sun, 17 Jan 2016 09:48:51 GMT, by Jason Trost (jasontrost)
Anyone attending this conference knows the usefulness of running malware in a sandbox to perform triage, speed security analysts' workflow, extract indicators of compromise (IOCs), and to gather useful information for detection and mitigation. When analysts do this, what are the OPSEC concerns regarding tipping the adversary off? Which sandbox providers are better than others in this regard? In this talk we will present some research on taking an adversarial view of the free and widely used SaaS malware sandboxes. When an adversary's malware is detonated in a sandbox, what network artifacts can they see? Can they determine which sandbox provider based on the network? How do malware and related IOCs submitted to these sandboxes propagate to security companies and ultimately threat intelligence feeds? In this talk, we will answer all these questions and more.

Distributed Sensor Data Contextualization for Threat Intelligence Analysis
/slideshow/distributed-sensor-data-contextualization-for-threat-intelligence-analysis/57021566
Wed, 13 Jan 2016 19:15:21 GMT, by Jason Trost (jasontrost)
As organizations operationalize diverse network sensors of various types, from passive sensors to DNS sinkholes to honeypots, there are many opportunities to combine this data for increased contextual awareness for network defense and threat intelligence analysis. In this presentation, we discuss our experiences by analyzing data collected from distributed honeypot sensors, p0f, snort/suricata, and botnet sinkholes as well as enrichments from PDNS and malware sandboxing. We talk through how we can answer the following questions in an automated fashion: What is the profile of the attacking system? Is the host scanning/attacking my network an infected workstation, an ephemeral scanning/exploitation box, or a compromised web server? If it is a compromised server, what are some possible vulnerabilities exploited by the attacker? What vulnerabilities (CVEs) has this attacker been seen exploiting in the wild and what tools do they drop? Is this attack part of a distributed campaign or is it limited to my network?

An Adversarial View of SaaS Malware Sandboxes
/slideshow/an-adversarial-view-of-saas-malware-sandboxes/54079831
Sun, 18 Oct 2015 13:36:23 GMT, by Jason Trost (jasontrost)
Anyone attending this conference knows the usefulness of running malware in a sandbox to perform triage, speed security analysts' workflow, extract indicators of compromise (IOCs), and to gather useful information for detection and mitigation. When analysts do this, what are the OPSEC concerns regarding tipping the adversary off? Which sandbox providers are better than others in this regard? In this talk we will present some research on taking an adversarial view of the free and widely used SaaS malware sandboxes. When an adversary's malware is detonated in a sandbox, what network artifacts can they see? Can they determine which sandbox provider based on the network? How do malware and related IOCs submitted to these sandboxes propagate to security companies and ultimately threat intelligence feeds? In this talk, we will answer all these questions and more.

Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools
/slideshow/deploying-managing-and-leveraging-honeypots-in-the-enterprise-using-open-source-tools/51634292
Fri, 14 Aug 2015 15:24:18 GMT, by Jason Trost (jasontrost)
2015 is turning out to be the most spectacular year of high profile compromises across almost every vertical, and many companies are starting to consider new options to raise the bar for intrusion detection and incident response, including deploying honeypots. In this workshop we will present an overview of the current state of the art of leveraging open source tools to build a novel intrusion detection system inside the enterprise. We will discuss the pros/cons and ins/outs of several major open source honeypots as well as how to manage and deploy these sensors using the Modern Honey Network and Splunk, as well as integration into other systems such as ArcSight. We will discuss real world deployments of honeypots, what worked and what didn't, as well as recommendations for getting the most out of these non-conventional network sensors.

Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced Honeynet /slideshow/lessons-learned-from-building-and-running-mhn-the-worlds-largest-crowdsourced-honeynet/47631708 mhnbsidessftalk-final-150430195809-conversion-gate01
Honeypots are really useful for collecting security data for research, especially around botnets, scanning hosts, password brute forcers, and other misbehaving systems. They are also the cheapest way collect this data at scale. Deploying many types of honeypots across geo-diverse locations of the Internet improves the aggregate data quality and provides a holistic view. This provides insight into both global trends of attacks and network activity as well as the behaviors of individual malicious systems. For these reasons, we started the Modern Honey Network, which is both an open source (GPLv3) project and a community of hundreds of MHN servers that manage and aggregate data from thousands of heterogeneous honeypots (Dionaea, Kippo, Amun, Conpot, Wordpot, Shockpot, and Glastopf) and network sensors (Snort, Suricata, p0f) deployed by different individuals and organizations as a distributed sensor network. The project has turned into the largest crowdsourced honeynet in the world consisting of thousands of diverse sensors deployed across 35 countries and 5 continents worldwide. Sensors are operated by all sorts of people from hobbyists, to academic researchers, to Fortune 1000 companies. In this talk we will discuss our experience in starting this project, analyzing the data, and building a crowdsourced global sensor network for tracking security threats and gathering interesting data for research. We've found that lots of people like honeypots, especially if you give them a cool realtime visualization of their data and make it easy to setup; lots of organizations will share their data with you if it is part of a community; and lots of companies will deploy honeypots as additional network sensors, especially if you make it easy to deploy/manage/integrate with their existing security tools.]]>

Honeypots are really useful for collecting security data for research, especially around botnets, scanning hosts, password brute forcers, and other misbehaving systems. They are also the cheapest way collect this data at scale. Deploying many types of honeypots across geo-diverse locations of the Internet improves the aggregate data quality and provides a holistic view. This provides insight into both global trends of attacks and network activity as well as the behaviors of individual malicious systems. For these reasons, we started the Modern Honey Network, which is both an open source (GPLv3) project and a community of hundreds of MHN servers that manage and aggregate data from thousands of heterogeneous honeypots (Dionaea, Kippo, Amun, Conpot, Wordpot, Shockpot, and Glastopf) and network sensors (Snort, Suricata, p0f) deployed by different individuals and organizations as a distributed sensor network. The project has turned into the largest crowdsourced honeynet in the world consisting of thousands of diverse sensors deployed across 35 countries and 5 continents worldwide. Sensors are operated by all sorts of people from hobbyists, to academic researchers, to Fortune 1000 companies. In this talk we will discuss our experience in starting this project, analyzing the data, and building a crowdsourced global sensor network for tracking security threats and gathering interesting data for research. We've found that lots of people like honeypots, especially if you give them a cool realtime visualization of their data and make it easy to setup; lots of organizations will share their data with you if it is part of a community; and lots of companies will deploy honeypots as additional network sensors, especially if you make it easy to deploy/manage/integrate with their existing security tools.]]>
Thu, 30 Apr 2015 19:58:08 GMT /slideshow/lessons-learned-from-building-and-running-mhn-the-worlds-largest-crowdsourced-honeynet/47631708 jasontrost@slideshare.net(jasontrost) Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced Honeynet jasontrost Honeypots are really useful for collecting security data for research, especially around botnets, scanning hosts, password brute forcers, and other misbehaving systems. They are also the cheapest way collect this data at scale. Deploying many types of honeypots across geo-diverse locations of the Internet improves the aggregate data quality and provides a holistic view. This provides insight into both global trends of attacks and network activity as well as the behaviors of individual malicious systems. For these reasons, we started the Modern Honey Network, which is both an open source (GPLv3) project and a community of hundreds of MHN servers that manage and aggregate data from thousands of heterogeneous honeypots (Dionaea, Kippo, Amun, Conpot, Wordpot, Shockpot, and Glastopf) and network sensors (Snort, Suricata, p0f) deployed by different individuals and organizations as a distributed sensor network. The project has turned into the largest crowdsourced honeynet in the world consisting of thousands of diverse sensors deployed across 35 countries and 5 continents worldwide. Sensors are operated by all sorts of people from hobbyists, to academic researchers, to Fortune 1000 companies. In this talk we will discuss our experience in starting this project, analyzing the data, and building a crowdsourced global sensor network for tracking security threats and gathering interesting data for research. 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced Honeynet from Jason Trost
Modern Honey Network at Bay Area Open Source Security Hackers /slideshow/mhn-sf-open-source-hacker-meetup-2014-0924/39528392 mhnsfopensourcehackermeetup2014-09-24-140925112000-phpapp01
Modern Honey Network talk presented at Bay Area Open Source Security Hackers on 2014-09-24.
Thu, 25 Sep 2014 11:20:00 GMT /slideshow/mhn-sf-open-source-hacker-meetup-2014-0924/39528392 jasontrost@slideshare.net(jasontrost) Modern Honey Network at Bay Area Open Source Security Hackers jasontrost
Modern Honey Network at Bay Area Open Source Security Hackers from Jason Trost
Modern Honey Network (MHN) /slideshow/modern-honey-network-mhn/36265443 mhnsfdfirmeetupv3-140624183618-phpapp02
Open source platform for deploying/managing Honeypots & using their data http://threatstream.github.io/mhn/
Tue, 24 Jun 2014 18:36:18 GMT /slideshow/modern-honey-network-mhn/36265443 jasontrost@slideshare.net(jasontrost) Modern Honey Network (MHN) jasontrost
Modern Honey Network (MHN) from Jason Trost
BinaryPig - Scalable Malware Analytics in Hadoop /slideshow/binary-24851796/24851796 blackhatpresentationslides-130801190302-phpapp02
Thu, 01 Aug 2013 19:03:02 GMT /slideshow/binary-24851796/24851796 jasontrost@slideshare.net(jasontrost) BinaryPig - Scalable Malware Analytics in Hadoop jasontrost
BinaryPig - Scalable Malware Analytics in Hadoop from Jason Trost
Clairvoyant Squirrel: Large Scale Malicious Domain Classification /slideshow/flo-con-clairvoyant-squirrel-final/15940884 flocon-clairvoyantsquirrel-final-130110200749-phpapp01
Clairvoyant Squirrel: Large Scale Malicious Domain Classification. Presentation from FloCon 2013
Thu, 10 Jan 2013 20:07:49 GMT /slideshow/flo-con-clairvoyant-squirrel-final/15940884 jasontrost@slideshare.net(jasontrost) Clairvoyant Squirrel: Large Scale Malicious Domain Classification jasontrost
Clairvoyant Squirrel: Large Scale Malicious Domain Classification from Jason Trost
Accumulo Nutch/GORA, Storm, and Pig /slideshow/accumulo-nutchgora-storm-and-pig/15004256 accumuloatendgame-121102212706-phpapp02
Fri, 02 Nov 2012 21:27:03 GMT /slideshow/accumulo-nutchgora-storm-and-pig/15004256 jasontrost@slideshare.net(jasontrost) Accumulo Nutch/GORA, Storm, and Pig jasontrost
Accumulo Nutch/GORA, Storm, and Pig from Jason Trost
Specialties: Software Engineering, Network Security, Java Development, Linux Administration, Network Analysis, Network and Security Research, Cloud Computing, Hadoop/MapReduce, Certified Ethical Hacker, Cloudera Certified Hadoop Developer, Large scale data processing and analytics development using Accumulo, Hadoop, and Mapreduce www.covert.io