Ben herzberg/incapsula trends of cyber attacks
Uploaded by ChungSC_tw
Organized by the Economic Daily News and Far EasTone Telecommunications, co-organized by the Institute for Information Industry: 2017 Innovation Forum, "The Battle Against Hackers"
Technology
47 slides
1.
Cyber Attack Trends
Ben Herzberg, @KernelXSS, @imperva
© 2016 Imperva, Inc. All rights reserved.
2.
about()
> ben.childNodes.length
< 2
> ben.history
< ["PT", "Dev"]
> ben.employer
< "Imperva"
> ben.positionX
< "Research Group Manager"
> ben.social
< {"TWT": "@KernelXSS", "LNK": "Ben Herzberg"}
3.
DoS / DDoS Attacks
4.
What's DDoS (in 6 seconds)
5.
6.
7.
Volumetric Attacks
8.
9.
Layer 7 Attacks
10.
11.
12.
13.
14.
WHY?
15.
Lately…
16.
IoT DDoS through the (very recent) history
20-SEP-2016: Mirai / OVH attack
21-OCT-2016: Dyn DNS DDoS
5-DEC-2016: …
(meme caption: "Investigated IoT DDoS before it was cool")
17.
IoT DDoS through the (very recent) history
30-DEC-2014: SOHO routers
21-OCT-2015: CCTV DDoS
20-SEP-2016: Mirai / OVH attack
21-OCT-2016: Dyn DNS DDoS
5-DEC-2016: …
18.
Why use IoTs for DDoS? (@ZAvishh)
19.
20.
21.
22.
23.
Slides 20 to 23 build up the following comparison of IoT devices and PCs as DDoS sources (V = yes, X = no):

    Property             IoT   PC
    internet connection   V     V
    code execution        V     V
    scanability           V     X
    hackability           V     X
24.
The case of Mirai
25.
Mirai CnC (Go): creating a user record in the command-and-control database

    func (this *Database) CreateUser(username string, password string, max_bots int, duration int, cooldown int) bool {
        ...
        this.db.Exec("INSERT INTO users (username, password, max_bots, admin, "+
            "last_paid, cooldown, duration_limit) "+
            "VALUES (?, ?, ?, 0, UNIX_TIMESTAMP(), ?, ?)",
            username, password, max_bots, cooldown, duration)
        return true
    }
26.
Mirai bot (C): memory-scan signatures for competing bots, and the killer module closing telnet, SSH and HTTP on the infected device

    #define TABLE_MEM_QBOT      // REPORT %s:%s
    #define TABLE_MEM_QBOT2     // HTTPFLOOD
    #define TABLE_MEM_QBOT3     // LOLNOGTFO
    #define TABLE_MEM_UPX       // \x58\x4D\x4E\x4E\x43\x50\x46\x22
    #define TABLE_MEM_ZOLLARD   // ZOLLARD
    #define TABLE_KILLER_ANIME  // .anime

    killer_kill_by_port(htons(23)); // Kill telnet service
    killer_kill_by_port(htons(22)); // Kill SSH service
    killer_kill_by_port(htons(80)); // Kill HTTP service
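A host-side check that turns the killer behaviour on this slide into an indicator, added here as an example and not taken from the talk or from Mirai's source: it parses Linux's /proc/net/tcp and reports which of the three services Mirai closes (telnet, SSH, HTTP) have no listener. The /proc/net/tcp text embedded below is constructed, and the service set and the MISSING_* bitmask names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define TCP_LISTEN 0x0A  /* "st" column of /proc/net/tcp for a listening socket */
#define MISSING_TELNET 1u
#define MISSING_SSH    2u
#define MISSING_HTTP   4u

/* Constructed /proc/net/tcp sample (not captured from a real device): HTTP (0x0050 = 80)
 * is listening; telnet (0x0017 = 23) appears only as an ESTABLISHED (st 01) connection. */
static const char SAMPLE_PROC_TCP[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11894 1\n"
    "   1: 0100007F:0017 0100007F:C3A2 01 00000000:00000000 00:00000000 00000000     0        0 11900 1\n";

/* Return 1 if any socket in the /proc/net/tcp text is in LISTEN state on `port`. */
int is_listening(const char *proc_tcp, unsigned port)
{
    const char *line = proc_tcp;
    while (line != NULL && *line != '\0') {
        unsigned laddr, lport, raddr, rport, state;
        /* Addresses and ports are hex; the header line fails to parse and is skipped. */
        if (sscanf(line, " %*d: %8x:%4x %8x:%4x %2x", &laddr, &lport, &raddr, &rport, &state) == 5
            && state == TCP_LISTEN && lport == port)
            return 1;
        line = strchr(line, '\n');
        if (line != NULL) line++;
    }
    return 0;
}

/* Bitmask of the services Mirai's killer closes that currently have no listener.
 * A device that should offer these but silently stopped is worth a closer look. */
unsigned missing_services(const char *proc_tcp)
{
    unsigned missing = 0;
    if (!is_listening(proc_tcp, 23)) missing |= MISSING_TELNET;
    if (!is_listening(proc_tcp, 22)) missing |= MISSING_SSH;
    if (!is_listening(proc_tcp, 80)) missing |= MISSING_HTTP;
    return missing;
}

int main(void)
{
    /* On Linux read the live table; otherwise fall back to the constructed sample. */
    static char buf[1 << 16];
    FILE *f = fopen("/proc/net/tcp", "r");
    size_t len = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[len] = '\0';
    printf("missing-service mask (1=telnet 2=ssh 4=http): %u\n",
           missing_services(len ? buf : SAMPLE_PROC_TCP));
    return 0;
}
```

Only the IPv4 table is read; an IPv6-only listener lives in /proc/net/tcp6 and would need the same parse applied to that file.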
27.
Mirai bot (C): the attack vectors it implements

    void attack_tcp_syn(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_tcp_ack(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_tcp_stomp(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_udp_generic(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_udp_plain(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_udp_dns(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_gre_ip(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_gre_eth(uint8_t targs_len, struct attack_target *targs, ...)
    void attack_app_http(uint8_t targs_len, struct attack_target *targs, ...)
28.
Mirai bot (C): the HTTP flood recognises DDoS protection vendors from the Server response header

    #define TABLE_ATK_DOSARREST        45 // "server: dosarrest"
    #define TABLE_ATK_CLOUDFLARE_NGINX 46 // "server: cloudflare-nginx"

    if (util_stristr(generic_memes, ret, table_retrieve_val(TABLE_ATK_CLOUDFLARE_NGINX, NULL)) != -1)
        conn->protection_type = HTTP_PROT_CLOUDFLARE;
    if (util_stristr(generic_memes, ret, table_retrieve_val(TABLE_ATK_DOSARREST, NULL)) != -1)
        conn->protection_type = HTTP_PROT_DOSARREST;
29.
30.
31.
Industry Challenges for 2018
32.
“Secure by default”
33.
TMI
34.
Antivirus: 1987
Firewall: 1992
WAF / IPS: 1999
Now: ?
35.
Host IDS/IPS, Database Access Management, Network Anomaly Detection, Threat Intelligence Sharing, MDM, DDoS Mitigation, Cloud Access Security Broker, Identity Management, Threat Containment Solutions, Forensic Kits, Honeypots, Decoys, Automated Vulnerability Assessment, File Access Management, Patch Inventory Management, Device Control Management, Network Access Control, Database Firewalls, Data Vaults
36.
37.
DDoS Trends
38.
Over 6,000,000,000 smartphones by 2020
39.
The growing prevalence of IoTs
Source: Ericsson Mobility Report; June 2016.
40.
41.
IoT botnets NG
• Improving the C2 functionality:
  • DGA
  • P2P
• Different spreading techniques:
  • TR-069 vulnerabilities
  • Windows as a relay
• Non-DDoS botnets:
  • Bitcoin mining
  • SPAM spreading
  • Bruteforcing
• IoT vigilantes - Hajime
Image credits: www.mobihealthnews.com
42.
How do we do that?
43.
Small Data is the new Big Data
44.
“SecOps”
45.
Config: Less is More
46.
Sometimes Cloud is the Security
47.
Thank You! 非常感谢您 (Thank you very much)
@KernelXSS, @imperva
linkedin.com/in/sysadmin
ben.herzberg@imperva.com