From cf50d2b642443cded4bf266867a72c2cb191a31b Mon Sep 17 00:00:00 2001 From: Thorsten Sick Date: Mon, 21 Feb 2022 13:11:19 +0100 Subject: [PATCH] Presentation update --- Makefile | 2 +- presentations/intro_de/conf.py | 30 ++++++++ presentations/intro_en/Makefile | 20 +++++ presentations/intro_en/conf.py | 104 +++++++++++++++++++++++++ presentations/intro_en/index.rst | 126 +++++++++++++++++++++++++++++++ 5 files changed, 281 insertions(+), 1 deletion(-) create mode 100644 presentations/intro_en/Makefile create mode 100644 presentations/intro_en/conf.py create mode 100644 presentations/intro_en/index.rst diff --git a/Makefile b/Makefile index d8650d1..2906aeb 100644 --- a/Makefile +++ b/Makefile @@ -11,9 +11,9 @@ check: tox.ini # Manual tests test: tox.ini tox; - pylint --rcfile=pylint.rc *.py app/*.py plugins/base/*.py coverage html; coverage report; + pylint --rcfile=pylint.rc *.py app/*.py plugins/base/*.py shipit: test cd doc; make zip; cd .. diff --git a/presentations/intro_de/conf.py b/presentations/intro_de/conf.py index c738d45..c04afe5 100644 --- a/presentations/intro_de/conf.py +++ b/presentations/intro_de/conf.py @@ -36,6 +36,36 @@ extensions += [ "sphinx_revealjs", ] +# -- Options for Reveal.js output --------------------------------------------- +revealjs_static_path = ["_static"] +revealjs_google_fonts = ["M PLUS 1p", ] +revealjs_style_theme = "black" +revealjs_script_conf = { + "controls": True, + "progress": True, + "history": True, + "center": True, + "transition": "slide", +} +revealjs_script_plugins = [ + { + "name": "RevealNotes", + "src": "revealjs4/plugin/notes/notes.js", + }, + { + "name": "RevealHighlight", + "src": "revealjs4/plugin/highlight/highlight.js", + }, + { + "name": "RevealMath", + "src": "revealjs4/plugin/math/math.js", + }, +] +revealjs_css_files = [ + "revealjs4/plugin/highlight/zenburn.css", + "custom.css", +] + # Graphviz extensions += [ "sphinx.ext.graphviz" 
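Review bot: `revealjs_google_fonts = ["M PLUS 1p", ]` makes the rendered deck load its font from Google's font CDN, so every viewer's browser contacts a third party when the slides open and the deck does not render as intended offline; the identical block is added again in presentations/intro_en/conf.py. If that external dependency is not wanted, drop the setting or ship the font under `_static`, which `revealjs_static_path` already points at. `revealjs_css_files` also lists `custom.css`, which must then exist in `presentations/intro_de/_static`; the commit adds no such file, though it may already be present in the repository.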
diff --git a/presentations/intro_en/Makefile b/presentations/intro_en/Makefile
new file mode 100644
index 0000000..d4bb2cb
--- /dev/null
+++ b/presentations/intro_en/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS ?=
+SPHINXBUILD ?= sphinx-build
+SOURCEDIR = .
+BUILDDIR = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
diff --git a/presentations/intro_en/conf.py b/presentations/intro_en/conf.py
new file mode 100644
index 0000000..88ed696
--- /dev/null
+++ b/presentations/intro_en/conf.py
@@ -0,0 +1,104 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'PurpleDome Intro'
+copyright = '2022, Thorsten Sick'
+author = 'Thorsten Sick'
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+]
+
+# Reveal JS
+
+extensions += [
+ "sphinx_revealjs",
+]
+
+# Graphviz
+extensions += [
+ "sphinx.ext.graphviz"
+]
+
+# -- Options for Reveal.js output ---------------------------------------------
+revealjs_static_path = ["_static"]
+revealjs_google_fonts = ["M PLUS 1p", ]
+revealjs_style_theme = "black"
+revealjs_script_conf = {
+ "controls": True,
+ "progress": True,
+ "history": True,
+ "center": True,
+ "transition": "slide",
+}
+revealjs_script_plugins = [
+ {
+ "name": "RevealNotes",
+ "src": "revealjs4/plugin/notes/notes.js",
+ },
+ {
+ "name": "RevealHighlight",
+ "src": "revealjs4/plugin/highlight/highlight.js",
+ },
+ {
+ "name": "RevealMath",
+ "src": "revealjs4/plugin/math/math.js",
+ },
+]
+revealjs_css_files = [
+ "revealjs4/plugin/highlight/zenburn.css",
+ "custom.css",
+]
+
+
+# -- GraphViz configuration ----------------------------------
+graphviz_output_format = 'svg'
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'de'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'alabaster'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
diff --git a/presentations/intro_en/index.rst b/presentations/intro_en/index.rst
new file mode 100644
index 0000000..7a9f5ac
--- /dev/null
+++ b/presentations/intro_en/index.rst
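Review bot: `language = 'de'` in the new English deck's conf.py looks copied over from intro_de; Sphinx will then emit its autogenerated text in German for the English presentation, and the hunk's own comment notes the value also drives gettext translation, so this should read `language = 'en'`. The diffstat lists no `presentations/intro_en/_static/custom.css`, yet `revealjs_css_files` names `custom.css` and `revealjs_static_path`/`html_static_path` point at `_static`; unless that directory is added separately, the built deck links a missing stylesheet and Sphinx will warn about the absent static path. The Reveal.js options block repeats presentations/intro_de/conf.py line for line; a one-line comment naming which copy is authoritative, or a shared settings module, would keep the two decks from drifting apart.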
@@ -0,0 +1,126 @@
+=================
+Purple Dome intro
+=================
+
+.. This toctree is only to link examples.
+
+.. toctree::
+ :glob:
+ :hidden:
+
+
+
+The problem
+===========
+
+Complex malware attacks in stages. Especially the last ones can be file-less stages
+
+Should I be concerned ?
+-----------------------
+
+If you are running a company network: yes
+
+After initial opportunistic infection and system scanning the malware can call an operator
+
+.. after the operator was called it is fileless
+
+Will AV protect me?
+===================
+
+Modern AV Software does not only do file detection but also behaviour detection
+
+Sometimes this is advertised. But even if it is not there will be a basic version shipped with your AV
+
+For advanced attacks this is the module protecting you
+
+Does this work well ?
+---------------------
+
+The behaviour component is a complex beast
+
+* Different OS versions
+* Performance
+* Stability
+* Lots of different behaviour patterns possible
+
+
+Is file-less bad ?
+------------------
+
+* Dealing with files is simpler
+* QA and Development is much harder without malware files
+
+
+Purple Dome makes dealing with file-less malware simpler
+========================================================
+
+We need it to...
+
+* Develop sensors
+* Create the logic
+* Test everything
+
+
+Purple Dome: Internals
+======================
+
+Purple Dome is a fully automated simulation environment to experiment with sophisticated attacks
+
+Spawning targets
+----------------
+
+VMS with the selected OS are initialised and started. That way we can experiment with different OS versions
+
+Spawning the attacker
+---------------------
+
+Attacker VM is Kali Linux. It contains
+
+* Metasploit
+* Caldera
+* Command line tools (nmap...)
+
+Sensoren Setup
+--------------
+
+Sensors will be installed on the targets. Now we are recording the events
+
+Running the attacks
+--------------------
+
+Attacks are run based on a script
+
+Collecting sensor data
+----------------------
+
+Data from the sensors and the log of the attack itself are the result of the simulation
+
+Creating a description
+----------------------
+
+For a quick overview it generates a human readable PDF document describing the attack
+
+Other Purple Dome use cases
+===========================
+
+Seminars
+----------
+
+We are evaluating how to use PD for university seminars.
+
+Trainings
+---------
+
+Blue vs Red Team trainings and creation of training data
+
+CTF
+---
+
+Capture the Flags games can be based on PD
+
+Buying Purple Dome
+==================
+
+It is not for sale. It is Open Source. Just fork it on Github:
+
+https://github.com/avast/PurpleDome
\ No newline at end of file