$whois Felipe.Pr0teus
I don't work at Proteus.
- Works for TJRJ
- Security Researcher (Independent)
- Love coffee!
- Like to help
Disclaimer
The data and results shown here were tested in a controlled environment and may or may not correspond to real-life situations. My employer has nothing to do with it =D
Motivation
- Know where our enemies are.
- Understand the field and create a strategy.
- We can't fight what we can't see.
Not convinced?!
13
14,16,17,18,21...
Why the NEED for visualization
How does this help us?!
- We have to analyze lots of data
- Images summarize a lot of it
- Who doesn't love a graphic?!
At least it helps us to sell!
Why visualization works?!
- Vision trumps all other senses
- We evolved to look for:
food, water & reproduction!
- Recognition doubles for a picture compared with text!
- Context & pattern recognition
We are really good at pattern recognition!
- :)
- Pareidolia
How it works ?
Colors, shapes, patterns
Tree Map
Display data Hierarchy
Chord diagram
Display inter-relationships(Matrix)
Parallel Coordinates
Display lots of data dimensions
Data & Data
Remember...
- Get a problem (Ask me how)
- Collect the data
- Parse & Correlate
- Visualize & Interact
- Back to Step 1 or 3
An image is worth more than a thousand words!
An image is worth more than a thousand logs!
Can be applied into security field?!
- Guess what?! Sure! (Rhetorical at this point)
- Just use security data
Believe me! You & I have tons of data!
- App logs: Apache (access, error), [My, Maria, Postgre or no]SQL, PHP, Python, ASPX, Memcached, ...
- Network: firewall logs, router logs, netflow, raw packets, IPS/IDS, NIDS
- Servers: CPU, memory, disk utilization, connections, processes, ...
- Security tools, CVEs, exploits, Twitter, news, community...
BuzzWord: BigData
Are we able to read/understand all of them?
Information visualization !
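The "Collect, Parse & Correlate, Visualize" steps applied to one of the data sources listed above, Apache access logs. This is an added example, not code from the talk or from any of the tools it names: it parses constructed sample lines, builds the source->status matrix a chord diagram draws, nests ip->status->path the way a tree map needs, and emits source,target edges for error responses in the two-column CSV style AfterGlow-like tools consume (the format detail is an assumption).

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache combined log format (not real traffic), plus one junk line.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2015:13:55:36 -0300] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Oct/2015:13:55:37 -0300] "GET /admin/ HTTP/1.1" 403 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2015:13:56:01 -0300] "GET /wp-login.php HTTP/1.1" 404 210 "-" "curl/7.43"
198.51.100.7 - - [10/Oct/2015:13:56:02 -0300] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "curl/7.43"
198.51.100.7 - - [10/Oct/2015:13:56:03 -0300] "POST /login.php HTTP/1.1" 401 180 "-" "curl/7.43"
10.0.0.9 - - [10/Oct/2015:13:57:10 -0300] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
garbage line that does not match the format
"""

# Combined log format: ip ident user [time] "method path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def parse_access_log(text):
    """Parse step: turn raw lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["status"] = int(d["status"])
            events.append(d)
    return events

def chord_matrix(events):
    """Correlate step: count (source ip, http status) pairs, the matrix a chord diagram draws."""
    matrix = Counter()
    for e in events:
        matrix[(e["ip"], e["status"])] += 1
    return matrix

def treemap_hierarchy(events):
    """Correlate step: nest ip -> status -> path -> count, the hierarchy a tree map displays."""
    tree = defaultdict(lambda: defaultdict(Counter))
    for e in events:
        tree[e["ip"]][e["status"]][e["path"]] += 1
    return tree

def error_edges_csv(events, min_status=400):
    """Visualize step: one 'source,target' row per distinct error response, sorted for stable diffs."""
    rows = sorted({f'{e["ip"]},{e["status"]} {e["path"]}' for e in events if e["status"] >= min_status})
    return "\n".join(rows)
```

Feed `error_edges_csv(parse_access_log(open("access.log").read()))` to a graph tool and the host probing for /wp-login.php and /phpmyadmin/ becomes one node with several error edges, which is the pattern the eye picks out long before grep does.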
DaViX
(Your next Linux vm)
- PicViz
- AfterGlow
- Gephi, GraphViz, MRTG/RRD ...
- Parsers
- ELK stack
Data breach
Demo 1
Aleph - Malware Analysis Pipeline System
Some Brazilian malwares
About Aleph Project
Get Aleph on GitHub.
Demo 2
Netflow, Alert from zabbix - Where is the enemy?!
C:\Users\Pr0teus\hl.exe -game cstrike
Conclusion
- We can visually correlate data
- We have plenty of data LOL (Lots Of Logs)
- There are a lot of kits to start playing with infovis.
- We can use it to defend, attack or make money =D
- Go further!
See further, go further!
Thanks!
Contacts: e-mail, Facebook or RL ;)