Лекция 1 | Курс: Архитектура ЭВМ и основы ОС | Лектор: Кирилл Кринкин | Организатор: Computer Science Center
Смотрите это видео на Лекториуме: lektorium.tv/lecture/14649
Блокчейн-технология была впервые реализована в криптовалюте Биткоин и впоследствии нашла применение во многих областях: государственные реестры, цепочки управления поставками, биомедицина, финансовый сектор и проч. В докладе будет рассказано, что такое блокчейн, какие возможности и ограничения есть у данной технологии, а также о существующих и перспективных направлениях ее развития.
При изучении сетей необходимо и очень полезно анализировать реальный трафик в конкретной сети. В лекции кратко описано использование программы WireShark для захвата, фильтрации и разбора пакетов в реальной сети на примере пинга сайта. Показано как пользоваться анализатором пакетов и сделаны простейшие замечания по фильтрации трафика.
Начальная часть теоретического курса в wb001, wb002, wb017-wb025
IMPORTANT (JUNE 6, 2019): The OSINT Tools by Mike Bazzel featured in this guide were taken down from his website due to increased DDoS-style attacks, as well as DMCAs and cease-and-desists from some of the tools included. Phoneinfoga will still work in this guide, but for the others, you can try using each companys individual tool instead. You can see how it used to work, however, in this video and on null-byte.com.
When running an OSINT investigation, a phone number can prove to be extremely useful in gathering information about a target. On this episode of Cyber Weapons Lab, well explore a couple tools you can use to extract information from a phone number. First, theres the command-line tool called Phoneinfoga, then theres the web app tool on the IntelTechniques website.
Every single day we use search engines to look for things on the internet. Defenders research a domain or IP that contains malware. Attackers look for email addresses for an upcoming phishing campaign. DFIR people examine locations and usernames that they acquired from a subjects computer. Policy and compliance people examine the risk that employees in their organizations might bring to work. Recruiters scour the internet looking for candidates. And «normal people» shop, date, geolocate, post, tweet, and otherwise send a huge amount of data to the public internet. While search engines harvest, store, and index billions of web site data points every day, there is much they do not contain. These pieces of OSINT data can, when put in perspective and analyzed, reveal target geolocations, friends and associates, alcohol consumption, user passwords, and more. This talk will be a series of hands on, live demos where we put our OSINT skills to work in unconventional places to harvest this unindexed OSINT data. Using free web sites, built in web browser tools, and free python scripts, Micah will show attendees how to harvest data from social media applications, the «whois» system, and from breach data that will not appear in search engine results. Students will gain a better understanding of JSON, APIs, reverse whois, and how to run python tools. Come join Micah as he examines how to move beyond «Googling it» in your personal and professional lives.
Speaker Bio
Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.
Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micahs SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and hes been a SANS Certified Instructor since 2013. Hes the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.
Presentation at Pasadena City College on Maltego. This week focuses on OSINT and conducting an investigation with advanced tools. We learn the importance of framing an investigation and walk beginners through the steps of a sample investigation.
There’s a lot of talk about data breaches but not much is discussed about where the data ends up and how it can be used for good. In this low-key talk, we’ll discuss where breach data ends up, how you can find copies of it, and most importantly, how you can use it to further your security goals. We’ll discuss how it can benefit blue teams/threat intel shops, pen testers, OSINT researchers and even DFIR practitioners.
Matt Edmondson @matt0177, Certified Instructor, SANS Institute