Starting presentation

3 years ago · f83df02360
parent 99f6a7486c
commit f83df02360
4 changed files with 261 additions and 0 deletions
--- a/presentations/gpn_2022/Makefile
+++ b/presentations/gpn_2022/Makefile
@ -0,0 +1,20 @@
 # Minimal makefile for Sphinx documentation
 #
 # You can set these variables from the command line, and also
 # from the environment for the first two.
 SPHINXOPTS    ?=
 SPHINXBUILD   ?= sphinx-build
 SOURCEDIR     = .
 BUILDDIR      = _build
 # Put it first so that "make" without argument is like "make help".
 help:
 	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 .PHONY: help Makefile
 # Catch-all target: route all unknown targets to Sphinx using the new
 # "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
 %: Makefile
 	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
--- a/presentations/gpn_2022/conf.py
+++ b/presentations/gpn_2022/conf.py
@ -0,0 +1,103 @@
 # Configuration file for the Sphinx documentation builder.
 #
 # This file only contains a selection of the most common options. For a full
 # list see the documentation:
 # https://www.sphinx-doc.org/en/master/usage/configuration.html
 # -- Path setup --------------------------------------------------------------
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
 #
 # import os
 # import sys
 # sys.path.insert(0, os.path.abspath('.'))
 # -- Project information -----------------------------------------------------
 project = 'PurpleDome Intro'
 copyright = '2022, Thorsten Sick'
 author = 'Thorsten Sick'
 # -- General configuration ---------------------------------------------------
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
 ]
 # Reveal JS
 extensions += [
    "sphinx_revealjs",
 ]
 # -- Options for Reveal.js output ---------------------------------------------
 revealjs_static_path = ["_static"]
 revealjs_google_fonts = ["M PLUS 1p", ]
 revealjs_style_theme = "black"
 revealjs_script_conf = {
    "controls": True,
    "progress": True,
    "history": True,
    "center": True,
    "transition": "slide",
 }
 revealjs_script_plugins = [
    {
        "name": "RevealNotes",
        "src": "revealjs4/plugin/notes/notes.js",
    },
    {
        "name": "RevealHighlight",
        "src": "revealjs4/plugin/highlight/highlight.js",
    },
    {
        "name": "RevealMath",
        "src": "revealjs4/plugin/math/math.js",
    },
 ]
 revealjs_css_files = [
    "revealjs4/plugin/highlight/zenburn.css",
    "custom.css",
 ]
 # Graphviz
 extensions += [
    "sphinx.ext.graphviz"
 ]
 # -- GraphViz configuration ----------------------------------
 graphviz_output_format = 'svg'
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
 language = 'de'
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
 # This pattern also affects html_static_path and html_extra_path.
 exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
 # -- Options for HTML output -------------------------------------------------
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #
 html_theme = 'alabaster'
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
 html_static_path = ['_static']
--- a/presentations/gpn_2022/index.rst
+++ b/presentations/gpn_2022/index.rst
@ -0,0 +1,103 @@
 =========================================
 Purple Dome - Kein Schwein greift mich an
 =========================================
 .. This toctree is only to link examples.
 .. toctree::
   :glob:
   :hidden:
 Kein Schwein greif mich an
 ==========================
 Habe mir gerade einen neuen Event Logger auf meinem Server installiert. Die Log Details hochgedreht... und jetzt greift mich keiner an.
 Keine Ahnung ob die Sensoren tun ?
 ----------------------------------
 Wir überhaupt mitgelogged was wichtig ist ?
 Daten habe ich jetzt ....aber Erkennungslogik ?
 -----------------------------------------------
 Nach was greppe ich denn nun in den Logs ?
 Viel gemacht aber alles ungetestet
 ==================================
 Die einzige Lösung: Ein Angreifer muss her. Vielleicht nicht auf mein Produktivsystem.
 Simulierte Angriffe
 ===================
 Purple Dome erlaubt es, Angriffe zu simulieren. Scriptbar und als Python Pluins
 Metasploit
 ----------
 Caldera
 -------
 Kali Linux commandline
 ----------------------
 Simulierte Ziele
 ================
 Die Angriffe gehen nicht auf das Produktivsystem, sondern auf VM targets
 Sensoren nach Wunsch
 ====================
 Welche Sensoren auf den Targets laufen kann man per config und Plugin definieren
 Vulnerabilities nach Wunsch
 ===========================
 Damit die Angriffe auch etwas Schaden hinterlassen, kann man per Plugins auch erst mal Vulnerabilities auf den Targets installieren.
 Targets nach Wunsch
 ===================
 Erzeugt mittels Vagrant oder als bestehende VM
 Wie das Ganze dann aussieht
 ===========================
 Resultat: PDF
 -------------
 Resultat: Sensordaten
 ---------------------
 Resultat: Angriffsdaten
 -----------------------
 Input: Commandline
 ------------------
 Input: Config
 -------------
 Wo kann ich PurpleDome kaufen ?
 ===============================
 Gar nicht. Ist kostenlos und Open Source
 https://github.com/avast/PurpleDome
 Bitte forken. Jetzt.
 Fragen ?
 Origin story
 ------------
 * Sensoren eines Behaviour Blockers müssen mit jedem OS update neu getestet werden
 * Jeder neue Angriff muss verifiziert werden...
 Also wurde automatisiert.
--- a/presentations/gpn_2022/make.bat
+++ b/presentations/gpn_2022/make.bat
@ -0,0 +1,35 @@
@ECHO OFF
 pushd %~dp0
 REM Command file for Sphinx documentation
 if "%SPHINXBUILD%" == "" (
 	set SPHINXBUILD=sphinx-build
 )
 set SOURCEDIR=.
 set BUILDDIR=_build
 if "%1" == "" goto help
 %SPHINXBUILD% >NUL 2>NUL
 if errorlevel 9009 (
 	echo.
 	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
 	echo.installed, then set the SPHINXBUILD environment variable to point
 	echo.to the full path of the 'sphinx-build' executable. Alternatively you
 	echo.may add the Sphinx directory to PATH.
 	echo.
 	echo.If you don't have Sphinx installed, grab it from
 	echo.http://sphinx-doc.org/
 	exit /b 1
 )
 %SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
 goto end
 :help
 %SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
 :end
 popd