Presentation update

2 years ago · cf50d2b642
parent 40622cbf67
commit cf50d2b642
5 changed files with 281 additions and 1 deletions
--- a/2
+++ b/2
@ -11,9 +11,9 @@ check: tox.ini
 # Manual tests
 test: tox.ini
 	tox;
-	pylint --rcfile=pylint.rc  *.py app/*.py plugins/base/*.py
 	coverage html;
 	coverage report;
+	pylint --rcfile=pylint.rc  *.py app/*.py plugins/base/*.py

 shipit: test
 	cd doc; make zip; cd ..
--- a/presentations/intro_de/conf.py
+++ b/presentations/intro_de/conf.py
@ -36,6 +36,36 @@ extensions += [
    "sphinx_revealjs",
 ]

+# -- Options for Reveal.js output ---------------------------------------------
+revealjs_static_path = ["_static"]
+revealjs_google_fonts = ["M PLUS 1p", ]
+revealjs_style_theme = "black"
+revealjs_script_conf = {
+    "controls": True,
+    "progress": True,
+    "history": True,
+    "center": True,
+    "transition": "slide",
+}
+revealjs_script_plugins = [
+    {
+        "name": "RevealNotes",
+        "src": "revealjs4/plugin/notes/notes.js",
+    },
+    {
+        "name": "RevealHighlight",
+        "src": "revealjs4/plugin/highlight/highlight.js",
+    },
+    {
+        "name": "RevealMath",
+        "src": "revealjs4/plugin/math/math.js",
+    },
+]
+revealjs_css_files = [
+    "revealjs4/plugin/highlight/zenburn.css",
+    "custom.css",
+]
+
 # Graphviz
 extensions += [
    "sphinx.ext.graphviz"
--- a/presentations/intro_en/Makefile
+++ b/presentations/intro_en/Makefile
@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS    ?=
+SPHINXBUILD   ?= sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
--- a/presentations/intro_en/conf.py
+++ b/presentations/intro_en/conf.py
@ -0,0 +1,104 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'PurpleDome Intro'
+copyright = '2022, Thorsten Sick'
+author = 'Thorsten Sick'
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+]
+
+# Reveal JS
+
+extensions += [
+    "sphinx_revealjs",
+]
+
+# Graphviz
+extensions += [
+    "sphinx.ext.graphviz"
+]
+
+# -- Options for Reveal.js output ---------------------------------------------
+revealjs_static_path = ["_static"]
+revealjs_google_fonts = ["M PLUS 1p", ]
+revealjs_style_theme = "black"
+revealjs_script_conf = {
+    "controls": True,
+    "progress": True,
+    "history": True,
+    "center": True,
+    "transition": "slide",
+}
+revealjs_script_plugins = [
+    {
+        "name": "RevealNotes",
+        "src": "revealjs4/plugin/notes/notes.js",
+    },
+    {
+        "name": "RevealHighlight",
+        "src": "revealjs4/plugin/highlight/highlight.js",
+    },
+    {
+        "name": "RevealMath",
+        "src": "revealjs4/plugin/math/math.js",
+    },
+]
+revealjs_css_files = [
+    "revealjs4/plugin/highlight/zenburn.css",
+    "custom.css",
+]
+
+
+# -- GraphViz configuration ----------------------------------
+graphviz_output_format = 'svg'
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'de'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'alabaster'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
--- a/presentations/intro_en/index.rst
+++ b/presentations/intro_en/index.rst
@ -0,0 +1,126 @@
+=================
+Purple Dome intro
+=================
+
+.. This toctree is only to link examples.
+
+.. toctree::
+   :glob:
+   :hidden:
+
+
+
+The problem
+===========
+
+Complex malware attacks in stages. Especially the last ones can be file-less stages
+
+Should I be concerned ?
+-----------------------
+
+If you are running a company network: yes
+
+After initial opportunistic infection and system scanning the malware can call an operator
+
+.. after the operator was called it is fileless
+
+Will AV protect me?
+===================
+
+Modern AV Software does not only do file detection but also behaviour detection
+
+Sometimes this is advertised. But even if it is not there will be a basic version shipped with your AV
+
+For advanced attacks this is the module protecting you
+
+Does this work well ?
+---------------------
+
+The behaviour component is a complex beast
+
+* Different OS versions
+* Performance
+* Stability
+* Lots of different behaviour patterns possible
+
+
+Is file-less bad ?
+------------------
+
+* Dealing with files is simpler
+* QA and Development is much harder without malware files
+
+
+Purple Dome makes dealing with file-less malware simpler
+========================================================
+
+We need it to...
+
+* Develop sensors
+* Create the logic
+* Test everything
+
+
+Purple Dome: Internals
+======================
+
+Purple Dome is a fully automated simulation environment to experiment with sophisticated attacks
+
+Spawning targets
+----------------
+
+VMS with the selected OS are initialised and started. That way we can experiment with different OS versions
+
+Spawning the attacker
+---------------------
+
+Attacker VM is Kali Linux. It contains
+
+* Metasploit
+* Caldera
+* Command line tools (nmap...)
+
+Sensoren Setup
+--------------
+
+Sensors will be installed on the targets. Now we are recording the events
+
+Running the attacks
+--------------------
+
+Attacks are run based on a script
+
+Collecting sensor data
+----------------------
+
+Data from the sensors and the log of the attack itself are the result of the simulation
+
+Creating a description
+----------------------
+
+For a quick overview it generates a human readable PDF document describing the attack
+
+Other Purple Dome use cases
+===========================
+
+Seminars
+----------
+
+We are evaluating how to use PD for university seminars.
+
+Trainings
+---------
+
+Blue vs Red Team trainings and creation of training data
+
+CTF
+---
+
+Capture the Flags games can be based on PD
+
+Buying Purple Dome
+==================
+
+It is not for sale. It is Open Source. Just fork it on Github:
+
+https://github.com/avast/PurpleDome