Starting presentation

2 years ago · f83df02360
parent 99f6a7486c
commit f83df02360
4 changed files with 261 additions and 0 deletions
--- a/presentations/gpn_2022/Makefile
+++ b/presentations/gpn_2022/Makefile
@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS    ?=
+SPHINXBUILD   ?= sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
--- a/presentations/gpn_2022/conf.py
+++ b/presentations/gpn_2022/conf.py
@ -0,0 +1,103 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'PurpleDome Intro'
+copyright = '2022, Thorsten Sick'
+author = 'Thorsten Sick'
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+]
+
+# Reveal JS
+
+extensions += [
+    "sphinx_revealjs",
+]
+
+# -- Options for Reveal.js output ---------------------------------------------
+revealjs_static_path = ["_static"]
+revealjs_google_fonts = ["M PLUS 1p", ]
+revealjs_style_theme = "black"
+revealjs_script_conf = {
+    "controls": True,
+    "progress": True,
+    "history": True,
+    "center": True,
+    "transition": "slide",
+}
+revealjs_script_plugins = [
+    {
+        "name": "RevealNotes",
+        "src": "revealjs4/plugin/notes/notes.js",
+    },
+    {
+        "name": "RevealHighlight",
+        "src": "revealjs4/plugin/highlight/highlight.js",
+    },
+    {
+        "name": "RevealMath",
+        "src": "revealjs4/plugin/math/math.js",
+    },
+]
+revealjs_css_files = [
+    "revealjs4/plugin/highlight/zenburn.css",
+    "custom.css",
+]
+
+# Graphviz
+extensions += [
+    "sphinx.ext.graphviz"
+]
+
+# -- GraphViz configuration ----------------------------------
+graphviz_output_format = 'svg'
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'de'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'alabaster'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
--- a/presentations/gpn_2022/index.rst
+++ b/presentations/gpn_2022/index.rst
@ -0,0 +1,103 @@
+=========================================
+Purple Dome - Kein Schwein greift mich an
+=========================================
+
+.. This toctree is only to link examples.
+
+.. toctree::
+   :glob:
+   :hidden:
+
+
+
+Kein Schwein greif mich an
+==========================
+
+Habe mir gerade einen neuen Event Logger auf meinem Server installiert. Die Log Details hochgedreht... und jetzt greift mich keiner an.
+
+Keine Ahnung ob die Sensoren tun ?
+----------------------------------
+
+Wir überhaupt mitgelogged was wichtig ist ?
+
+Daten habe ich jetzt ....aber Erkennungslogik ?
+-----------------------------------------------
+
+Nach was greppe ich denn nun in den Logs ?
+
+Viel gemacht aber alles ungetestet
+==================================
+
+Die einzige Lösung: Ein Angreifer muss her. Vielleicht nicht auf mein Produktivsystem.
+
+Simulierte Angriffe
+===================
+
+Purple Dome erlaubt es, Angriffe zu simulieren. Scriptbar und als Python Pluins
+
+Metasploit
+----------
+
+Caldera
+-------
+
+Kali Linux commandline
+----------------------
+
+Simulierte Ziele
+================
+
+Die Angriffe gehen nicht auf das Produktivsystem, sondern auf VM targets
+
+Sensoren nach Wunsch
+====================
+
+Welche Sensoren auf den Targets laufen kann man per config und Plugin definieren
+
+Vulnerabilities nach Wunsch
+===========================
+
+Damit die Angriffe auch etwas Schaden hinterlassen, kann man per Plugins auch erst mal Vulnerabilities auf den Targets installieren.
+
+Targets nach Wunsch
+===================
+
+Erzeugt mittels Vagrant oder als bestehende VM
+
+Wie das Ganze dann aussieht
+===========================
+
+Resultat: PDF
+-------------
+
+Resultat: Sensordaten
+---------------------
+
+Resultat: Angriffsdaten
+-----------------------
+
+Input: Commandline
+------------------
+
+Input: Config
+-------------
+
+Wo kann ich PurpleDome kaufen ?
+===============================
+
+Gar nicht. Ist kostenlos und Open Source
+
+https://github.com/avast/PurpleDome
+
+Bitte forken. Jetzt.
+
+Fragen ?
+
+Origin story
+------------
+
+* Sensoren eines Behaviour Blockers müssen mit jedem OS update neu getestet werden
+* Jeder neue Angriff muss verifiziert werden...
+
+Also wurde automatisiert.
+
--- a/presentations/gpn_2022/make.bat
+++ b/presentations/gpn_2022/make.bat
@ -0,0 +1,35 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+	set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+	echo.
+	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+	echo.installed, then set the SPHINXBUILD environment variable to point
+	echo.to the full path of the 'sphinx-build' executable. Alternatively you
+	echo.may add the Sphinx directory to PATH.
+	echo.
+	echo.If you don't have Sphinx installed, grab it from
+	echo.http://sphinx-doc.org/
+	exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+
+:end
+popd